Merge branch 'master' into api-add-missing-map

docs(changelog): change fix from version
docs(changelog): update PR link for new fix
2026-06-15 01:49:29 +00:00 · 2025-06-23 10:48:00 +02:00 · 2025-06-20 10:00:39 +02:00 · 2025-06-20 09:58:23 +02:00 · 2025-06-18 18:20:25 +02:00
724 changed files with 15221 additions and 51110 deletions
@@ -6,12 +6,9 @@
 PROWLER_UI_VERSION="stable"
 AUTH_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
-NEXT_PUBLIC_API_BASE_URL=${API_BASE_URL}
 NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
-# Temp URL for feeds need to use actual
-RSS_FEED_URL=https://prowler.com/blog/rss
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
 # Google Tag Manager ID
@@ -133,7 +130,7 @@ SENTRY_ENVIRONMENT=local
 SENTRY_RELEASE=local

 #### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.10.0
+NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.6.0

 # Social login credentials
 SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
@@ -145,7 +142,8 @@ SOCIAL_GITHUB_OAUTH_CLIENT_ID=""
 SOCIAL_GITHUB_OAUTH_CLIENT_SECRET=""

 # Single Sign-On (SSO)
-SAML_SSO_CALLBACK_URL="${AUTH_URL}/api/auth/callback/saml"
+SAML_PUBLIC_CERT=""
+SAML_PRIVATE_KEY=""

 # Lighthouse tracing
 LANGSMITH_TRACING=false
@@ -22,11 +22,6 @@ provider/kubernetes:
      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
      - any-glob-to-any-file: "tests/providers/kubernetes/**"

-provider/m365:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/m365/**"
-      - any-glob-to-any-file: "tests/providers/m365/**"
-
 provider/github:
  - changed-files:
      - any-glob-to-any-file: "prowler/providers/github/**"
@@ -6,7 +6,6 @@ on:
      - "master"
    paths:
      - "api/**"
-      - "prowler/**"
      - ".github/workflows/api-build-lint-push-containers.yml"

  # Uncomment the code below to test this action on PRs
@@ -77,7 +76,7 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        # Comment the following line for testing
@@ -48,12 +48,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        category: "/language:${{matrix.language}}"
@@ -136,6 +136,12 @@ jobs:
        run: |
          poetry check --lock

+      - name: Prevents known compatibility error between lxml and libxml2/libxmlsec versions - https://github.com/xmlsec/python-xmlsec/issues/320
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pip install --force-reinstall --no-binary lxml lxml
+
      - name: Lint with ruff
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -163,10 +169,9 @@ jobs:
      - name: Safety
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
+        # 76352 and 76353 come from SDK, but they cannot upgrade it yet. It does not affect API
        run: |
-          poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
+          poetry run safety check --ignore 70612,66963,74429,76352,76353

      - name: Vulture
        working-directory: ./api
@@ -206,7 +211,7 @@ jobs:
          files_ignore: ${{ env.IGNORE_FILES }}
      - name: Set up Docker Buildx
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@a05cf0859455b5b16317ee22d809887a4043cdf0 # v3.90.2
+        uses: trufflesecurity/trufflehog@90694bf9af66e7536abc5824e7a87246dbf933cb # v3.88.35
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
@@ -1,266 +0,0 @@
-name: Prowler Release Preparation
-
-run-name: Prowler Release Preparation for ${{ inputs.prowler_version }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      prowler_version:
-        description: 'Prowler version to release (e.g., 5.9.0)'
-        required: true
-        type: string
-
-env:
-  PROWLER_VERSION: ${{ github.event.inputs.prowler_version }}
-
-jobs:
-  prepare-release:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        fetch-depth: 0
-        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-
-    - name: Set up Python
-      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-      with:
-        python-version: '3.12'
-
-    - name: Install Poetry
-      run: |
-        python3 -m pip install --user poetry
-        echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-    - name: Configure Git
-      run: |
-        git config --global user.name "prowler-bot"
-        git config --global user.email "179230569+prowler-bot@users.noreply.github.com"
-
-    - name: Parse version and determine branch
-      run: |
-        # Validate version format (reusing pattern from sdk-bump-version.yml)
-        if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-          MAJOR_VERSION=${BASH_REMATCH[1]}
-          MINOR_VERSION=${BASH_REMATCH[2]}
-          PATCH_VERSION=${BASH_REMATCH[3]}
-
-          # Export version components to environment
-          echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
-          echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
-          echo "PATCH_VERSION=${PATCH_VERSION}" >> "${GITHUB_ENV}"
-
-          # Determine branch name (format: v5.9)
-          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
-          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"
-
-          # Calculate UI version (1.X.X format - matches Prowler minor version)
-          UI_VERSION="1.${MINOR_VERSION}.${PATCH_VERSION}"
-          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-
-          # Calculate API version (1.X.X format - one minor version ahead)
-          API_MINOR_VERSION=$((MINOR_VERSION + 1))
-          API_VERSION="1.${API_MINOR_VERSION}.${PATCH_VERSION}"
-          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-
-          echo "Prowler version: $PROWLER_VERSION"
-          echo "Branch name: $BRANCH_NAME"
-          echo "UI version: $UI_VERSION"
-          echo "API version: $API_VERSION"
-          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
-        else
-          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
-          exit 1
-        fi
-
-    - name: Checkout existing branch for patch release
-      if: ${{ env.PATCH_VERSION != '0' }}
-      run: |
-        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists locally, checking out..."
-          git checkout "$BRANCH_NAME"
-        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
-          exit 1
-        fi
-
-    - name: Verify version in pyproject.toml
-      run: |
-        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in pyproject.toml (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ pyproject.toml version: $CURRENT_VERSION"
-
-    - name: Verify version in prowler/config/config.py
-      run: |
-        CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in prowler/config/config.py (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ prowler/config/config.py version: $CURRENT_VERSION"
-
-    - name: Verify version in api/pyproject.toml
-      run: |
-        CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in api/pyproject.toml (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"
-
-    - name: Verify prowler dependency in api/pyproject.toml
-      if: ${{ env.PATCH_VERSION != '0' }}
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
-        if [ "$CURRENT_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
-          echo "ERROR: Prowler dependency mismatch in api/pyproject.toml (expected: '$BRANCH_NAME_TRIMMED', found: '$CURRENT_PROWLER_REF')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"
-
-    - name: Verify version in api/src/backend/api/v1/views.py
-      run: |
-        CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in views.py (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"
-
-    - name: Create release branch for minor release
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        echo "Minor release detected (patch = 0), creating new branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME" || git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "ERROR: Branch $BRANCH_NAME already exists for minor release $PROWLER_VERSION"
-          exit 1
-        fi
-        git checkout -b "$BRANCH_NAME"
-        
-        # Push the new branch first so it exists remotely
-        git push origin "$BRANCH_NAME"
-
-    - name: Update prowler dependency in api/pyproject.toml
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
-
-        # Minor release: update the dependency to use the new branch
-        echo "Minor release detected - updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
-        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
-
-        # Verify the change was made
-        UPDATED_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        if [ "$UPDATED_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
-          echo "ERROR: Failed to update prowler dependency in api/pyproject.toml"
-          exit 1
-        fi
-
-        # Update poetry lock file
-        echo "Updating poetry.lock file..."
-        cd api
-        poetry lock
-        cd ..
-
-        # Commit and push the changes
-        git add api/pyproject.toml api/poetry.lock
-        git commit -m "chore(api): update prowler dependency to $BRANCH_NAME_TRIMMED for release $PROWLER_VERSION"
-        git push origin "$BRANCH_NAME"
-
-        echo "✓ api/pyproject.toml prowler dependency updated to: $UPDATED_PROWLER_REF"
-
-    - name: Extract changelog entries
-      run: |
-        set -e
-
-        # Function to extract changelog for a specific version
-        extract_changelog() {
-          local file="$1"
-          local version="$2"
-          local output_file="$3"
-
-          if [ ! -f "$file" ]; then
-            echo "Warning: $file not found, skipping..."
-            touch "$output_file"
-            return
-          fi
-
-          # Extract changelog section for this version
-          awk -v version="$version" '
-            /^## \[v?'"$version"'\]/ { found=1; next }
-            found && /^## \[v?[0-9]+\.[0-9]+\.[0-9]+\]/ { found=0 }
-            found && !/^## \[v?'"$version"'\]/ { print }
-          ' "$file" > "$output_file"
-
-          # Remove --- separators
-          sed -i '/^---$/d' "$output_file"
-
-          # Remove trailing empty lines
-          sed -i '/^$/d' "$output_file"
-        }
-
-        # Extract changelogs
-        echo "Extracting changelog entries..."
-        extract_changelog "prowler/CHANGELOG.md" "$PROWLER_VERSION" "prowler_changelog.md"
-        extract_changelog "api/CHANGELOG.md" "$API_VERSION" "api_changelog.md"
-        extract_changelog "ui/CHANGELOG.md" "$UI_VERSION" "ui_changelog.md"
-
-        # Combine changelogs in order: UI, API, SDK
-        > combined_changelog.md
-
-        if [ -s "ui_changelog.md" ]; then
-          echo "## UI" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat ui_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        if [ -s "api_changelog.md" ]; then
-          echo "## API" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat api_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        if [ -s "prowler_changelog.md" ]; then
-          echo "## SDK" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat prowler_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        echo "Combined changelog preview:"
-        cat combined_changelog.md
-
-    - name: Create draft release
-      uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
-      with:
-        tag_name: ${{ env.PROWLER_VERSION }}
-        name: Prowler ${{ env.PROWLER_VERSION }}
-        body_path: combined_changelog.md
-        draft: true
-        target_commitish: ${{ env.PATCH_VERSION == '0' && 'master' || env.BRANCH_NAME }}
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Clean up temporary files
-      run: |
-        rm -f prowler_changelog.md api_changelog.md ui_changelog.md combined_changelog.md
@@ -9,8 +9,6 @@ jobs:
    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
    runs-on: ubuntu-latest
    permissions:
-      id-token: write
-      contents: read
      pull-requests: write
    env:
      MONITORED_FOLDERS: "api ui prowler"
@@ -47,7 +45,6 @@ jobs:
          echo "EOF" >> $GITHUB_OUTPUT

      - name: Find existing changelog comment
-        if: github.event.pull_request.head.repo.full_name == github.repository
        id: find_comment
        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e #v3.1.0
        with:
@@ -55,20 +52,29 @@ jobs:
          comment-author: 'github-actions[bot]'
          body-includes: '<!-- changelog-check -->'

-      - name: Update PR comment with changelog status
-        if: github.event.pull_request.head.repo.full_name == github.repository
+      - name: Comment on PR if changelog is missing
+        if: steps.check_folders.outputs.missing_changelogs != ''
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          edit-mode: replace
          body: |
            <!-- changelog-check -->
-            ${{ steps.check_folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
+            ⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**

-            {0}
+            ${{ steps.check_folders.outputs.missing_changelogs }}

-            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check_folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉' }}
+            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.
+
+      - name: Comment on PR if all changelogs are present
+        if: steps.check_folders.outputs.missing_changelogs == ''
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.find_comment.outputs.comment-id }}
+          body: |
+            <!-- changelog-check -->
+            ✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉

      - name: Fail if changelog is missing
        if: steps.check_folders.outputs.missing_changelogs != ''
@@ -27,12 +27,11 @@ jobs:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
          event-type: prowler-pull-request-merged
-          client-payload: |
-            {
-              "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
-              "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-              "PROWLER_PR_TITLE": ${{ toJson(github.event.pull_request.title) }},
-              "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
-              "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
-              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }}
-            }
+          client-payload: '{
+            "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
+            "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
+            "PROWLER_PR_TITLE": "${{ github.event.pull_request.title }}",
+            "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
+            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
+            "PROWLER_PR_URL":${{ toJson(github.event.pull_request.html_url) }}
+          }'
@@ -123,7 +123,7 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
@@ -12,6 +12,7 @@ env:
 jobs:
  bump-version:
    name: Bump Version
+    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -96,7 +97,6 @@ jobs:
            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            labels: no-changelog
            body: |
              ### Description

@@ -135,7 +135,6 @@ jobs:
            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            labels: no-changelog
            body: |
              ### Description

@@ -56,12 +56,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        category: "/language:${{matrix.language}}"
@@ -102,15 +102,8 @@ jobs:
        run: |
          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .

-      - name: Dockerfile - Check if Dockerfile has changed
-        id: dockerfile-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            Dockerfile
-
      - name: Hadolint
-        if: steps.dockerfile-changed-files.outputs.any_changed == 'true'
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013

@@ -30,7 +30,6 @@ env:
  # Container Registries
  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1

 jobs:
  repository-check:
@@ -77,7 +76,7 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        # Comment the following line for testing
@@ -87,7 +86,6 @@ jobs:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
          # Set push: false for testing
          push: true
          tags: |
@@ -103,7 +101,6 @@ jobs:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
@@ -48,12 +48,12 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          category: "/language:${{matrix.language}}"
@@ -1,98 +0,0 @@
-name: UI - E2E Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-      - "v5.*"
-    paths:
-      - '.github/workflows/ui-e2e-tests.yml'
-      - 'ui/**'
-
-jobs:
-  e2e-tests:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    env:
-      AUTH_SECRET: 'fallback-ci-secret-for-testing'
-      AUTH_TRUST_HOST: true
-      NEXTAUTH_URL: 'http://localhost:3000'
-      NEXT_PUBLIC_API_BASE_URL: 'http://localhost:8080/api/v1'
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Start API services
-        run: |
-          # Override docker-compose image tag to use latest instead of stable
-          # This overrides any PROWLER_API_VERSION set in .env file
-          export PROWLER_API_VERSION=latest
-          echo "Using PROWLER_API_VERSION=${PROWLER_API_VERSION}"
-          docker compose up -d api worker worker-beat
-      - name: Wait for API to be ready
-        run: |
-          echo "Waiting for prowler-api..."
-          timeout=150  # 5 minutes max
-          elapsed=0
-          while [ $elapsed -lt $timeout ]; do
-            if curl -s ${NEXT_PUBLIC_API_BASE_URL}/docs >/dev/null 2>&1; then
-              echo "Prowler API is ready!"
-              exit 0
-            fi
-            echo "Waiting for prowler-api... (${elapsed}s elapsed)"
-            sleep 5
-            elapsed=$((elapsed + 5))
-          done
-          echo "Timeout waiting for prowler-api to start"
-          exit 1
-      - name: Load database fixtures for E2E tests
-        run: |
-          docker compose exec -T api sh -c '
-            echo "Loading all fixtures from api/fixtures/dev/..."
-            for fixture in api/fixtures/dev/*.json; do
-              if [ -f "$fixture" ]; then
-                echo "Loading $fixture"
-                poetry run python manage.py loaddata "$fixture" --database admin
-              fi
-            done
-            echo "All database fixtures loaded successfully!"
-          '
-      - name: Setup Node.js environment
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: '20.x'
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
-      - name: Install UI dependencies
-        working-directory: ./ui
-        run: npm ci
-      - name: Build UI application
-        working-directory: ./ui
-        run: npm run build
-      - name: Cache Playwright browsers
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-        id: playwright-cache
-        with:
-          path: ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('ui/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-playwright-
-      - name: Install Playwright browsers
-        working-directory: ./ui
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
-        run: npm run test:e2e:install
-      - name: Run E2E tests
-        working-directory: ./ui
-        run: npm run test:e2e
-      - name: Upload test reports
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
-        if: failure()
-        with:
-          name: playwright-report
-          path: ui/playwright-report/
-          retention-days: 30
-      - name: Cleanup services
-        if: always()
-        run: |
-          echo "Shutting down services..."
-          docker compose down -v || true
-          echo "Cleanup completed"
@@ -34,24 +34,21 @@ jobs:
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: ${{ matrix.node-version }}
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
      - name: Install dependencies
        working-directory: ./ui
-        run: npm ci
+        run: npm install
      - name: Run Healthcheck
        working-directory: ./ui
        run: npm run healthcheck
      - name: Build the application
        working-directory: ./ui
        run: npm run build
-
  test-container-build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
@@ -44,16 +44,6 @@ junit-reports/

 # Cursor files
 .cursorignore
-.cursor/
-
-# RooCode files
-.roo/
-.rooignore
-.roomodes
-
-# Cline files
-.cline/
-.clineignore

 # Terraform
 .terraform*
@@ -115,8 +115,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
-        entry: bash -c 'safety check --ignore 70612,66963,74429,76352,76353,77744,77745'
+        entry: bash -c 'safety check --ignore 70612,66963,74429,76352,76353'
        language: system

      - id: vulture
@@ -1,4 +1,4 @@
-FROM python:3.12.11-slim-bookworm AS build
+FROM python:3.12.10-slim-bookworm AS build

 LABEL maintainer="https://github.com/prowler-cloud/prowler"
 LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"
@@ -6,8 +6,7 @@ LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"
 ARG POWERSHELL_VERSION=7.5.0

 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    wget libicu72 libunwind8 libssl3 libcurl4 ca-certificates apt-transport-https gnupg \
+RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
    && rm -rf /var/lib/apt/lists/*

 # Install PowerShell
@@ -47,6 +46,10 @@ ENV PATH="${HOME}/.local/bin:${PATH}"
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

+# By default poetry does not compile Python source files to bytecode during installation.
+# This speeds up the installation process, but the first execution may take a little more
+# time because Python then compiles source files to bytecode automatically. If you want to
+# compile source files to bytecode during installation, you can use the --compile option
 RUN poetry install --compile && \
    rm -rf ~/.cache/pip

@@ -88,7 +88,7 @@ prowler dashboard
 |---|---|---|---|---|
 | AWS | 567 | 82 | 36 | 10 |
 | GCP | 79 | 13 | 10 | 3 |
-| Azure | 142 | 18 | 11 | 3 |
+| Azure | 142 | 18 | 10 | 3 |
 | Kubernetes | 83 | 7 | 5 | 7 |
 | GitHub | 16 | 2 | 1 | 0 |
 | M365 | 69 | 7 | 3 | 2 |
@@ -136,14 +136,6 @@ If your workstation's architecture is incompatible, you can resolve this by:

 > Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

-### Common Issues with Docker Pull Installation
-
-> [!Note]
-  If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local `.aws` directory into the container as a volume (e.g., `- "${HOME}/.aws:/home/prowler/.aws:ro"`). There are several ways to configure credentials for Docker containers. See the [Troubleshooting](./docs/troubleshooting.md) section for more details and examples.
-
-You can find more information in the [Troubleshooting](./docs/troubleshooting.md) section.
-
-
 ### From GitHub

 **Requirements**
@@ -2,85 +2,19 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.11.0] (Prowler 5.10.0)
-
-### Added
- Github provider support [(#8271)](https://github.com/prowler-cloud/prowler/pull/8271)
- Integration with Amazon S3, enabling storage and retrieval of scan data via S3 buckets [(#8056)](https://github.com/prowler-cloud/prowler/pull/8056)
-
-### Fixed
- Avoid sending errors to Sentry in M365 provider when user authentication fails [(#8420)](https://github.com/prowler-cloud/prowler/pull/8420)
-
---
-
-## [1.10.2] (Prowler v5.9.2)
-
-### Changed
- Optimized queries for resources views [(#8336)](https://github.com/prowler-cloud/prowler/pull/8336)
-
---
-
-## [v1.10.1] (Prowler v5.9.1)
-
-### Fixed
- Calculate failed findings during scans to prevent heavy database queries [(#8322)](https://github.com/prowler-cloud/prowler/pull/8322)
-
---
-
-## [v1.10.0] (Prowler v5.9.0)
-
-### Added
- SSO with SAML support [(#8175)](https://github.com/prowler-cloud/prowler/pull/8175)
- `GET /resources/metadata`, `GET /resources/metadata/latest` and `GET /resources/latest` to expose resource metadata and latest scan results [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
-
-### Changed
- `/processors` endpoints to post-process findings. Currently, only the Mutelist processor is supported to allow to mute findings.
- Optimized the underlying queries for resources endpoints [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
- Optimized include parameters for resources view [(#8229)](https://github.com/prowler-cloud/prowler/pull/8229)
- Optimized overview background tasks [(#8300)](https://github.com/prowler-cloud/prowler/pull/8300)
-
-### Fixed
- Search filter for findings and resources [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
- RBAC is now applied to `GET /overviews/providers` [(#8277)](https://github.com/prowler-cloud/prowler/pull/8277)
-
-### Changed
- `POST /schedules/daily` returns a `409 CONFLICT` if already created [(#8258)](https://github.com/prowler-cloud/prowler/pull/8258)
-
-### Security
- Enhanced password validation to enforce 12+ character passwords with special characters, uppercase, lowercase, and numbers [(#8225)](https://github.com/prowler-cloud/prowler/pull/8225)
-
---
-
-## [v1.9.1] (Prowler v5.8.1)
-
-### Added
- Custom exception for provider connection errors during scans [(#8234)](https://github.com/prowler-cloud/prowler/pull/8234)
-
-### Changed
- Summary and overview tasks now use a dedicated queue and no longer propagate errors to compliance tasks [(#8214)](https://github.com/prowler-cloud/prowler/pull/8214)
-
-### Fixed
- Scan with no resources will not trigger legacy code for findings metadata [(#8183)](https://github.com/prowler-cloud/prowler/pull/8183)
- Invitation email comparison case-insensitive [(#8206)](https://github.com/prowler-cloud/prowler/pull/8206)
-
-### Removed
- Validation of the provider's secret type during updates [(#8197)](https://github.com/prowler-cloud/prowler/pull/8197)
-
---
-
-## [v1.9.0] (Prowler v5.8.0)
+## [v1.9.0] (Prowler UNRELEASED)

 ### Added
+- SSO with SAML support [(#7822)](https://github.com/prowler-cloud/prowler/pull/7822)
 - Support GCP Service Account key [(#7824)](https://github.com/prowler-cloud/prowler/pull/7824)
 - `GET /compliance-overviews` endpoints to retrieve compliance metadata and specific requirements statuses [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877)
 - Lighthouse configuration support [(#7848)](https://github.com/prowler-cloud/prowler/pull/7848)

 ### Changed
 - Reworked `GET /compliance-overviews` to return proper requirement metrics [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877)
- Optional `user` and `password` for M365 provider [(#7992)](https://github.com/prowler-cloud/prowler/pull/7992)

 ### Fixed
- Scheduled scans are no longer deleted when their daily schedule run is disabled [(#8082)](https://github.com/prowler-cloud/prowler/pull/8082)
+- Add missing mapping for ISO 27001 compliance for M365 provider [(#8069)](https://github.com/prowler-cloud/prowler/pull/8069)

 ---

@@ -44,9 +44,6 @@ USER prowler

 WORKDIR /home/prowler

-# Ensure output directory exists
-RUN mkdir -p /tmp/prowler_api_output
-
 COPY pyproject.toml ./

 RUN pip install --no-cache-dir --upgrade pip && \
@@ -60,6 +57,10 @@ RUN poetry install --no-root && \

 RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"

+# Prevents known compatibility error between lxml and libxml2/libxmlsec versions.
+# See: https://github.com/xmlsec/python-xmlsec/issues/320
+RUN poetry run pip install --force-reinstall --no-binary lxml lxml
+
 COPY src/backend/ ./backend/
 COPY docker-entrypoint.sh ./docker-entrypoint.sh

@@ -257,7 +257,7 @@ cd src/backend
 python manage.py loaddata api/fixtures/0_dev_users.json --database admin
 ```

-> The default credentials are `dev@prowler.com:Thisisapassword123@` or `dev2@prowler.com:Thisisapassword123@`
+> The default credentials are `dev@prowler.com:thisisapassword123` or `dev2@prowler.com:thisisapassword123`

 ## Run tests

@@ -32,7 +32,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill,overview,integrations -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill -E --max-tasks-per-child 1
 }

 start_worker_beat() {
@@ -23,14 +23,12 @@ dependencies = [
  "drf-spectacular==0.27.2",
  "drf-spectacular-jsonapi==0.5.1",
  "gunicorn==23.0.0",
-  "lxml==5.3.2",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.10",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
  "uuid6==2024.7.10",
-  "openai (>=1.82.0,<2.0.0)",
-  "xmlsec==1.3.14"
+  "openai (>=1.82.0,<2.0.0)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -38,7 +36,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.11.1"
+version = "1.9.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -3,7 +3,14 @@ from django.db import transaction

 from api.db_router import MainRouter
 from api.db_utils import rls_transaction
-from api.models import Membership, Role, Tenant, User, UserRoleRelationship
+from api.models import (
+    Membership,
+    Role,
+    SAMLConfiguration,
+    Tenant,
+    User,
+    UserRoleRelationship,
+)


 class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
@@ -17,7 +24,7 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        # Link existing accounts with the same email address
        email = sociallogin.account.extra_data.get("email")
-        if sociallogin.provider.id == "saml":
+        if sociallogin.account.provider == "saml":
            email = sociallogin.user.email
        if email:
            existing_user = self.get_user_by_email(email)
@@ -31,10 +38,57 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
        """
        with transaction.atomic(using=MainRouter.admin_db):
            user = super().save_user(request, sociallogin, form)
-            provider = sociallogin.provider.id
+            provider = sociallogin.account.provider
            extra = sociallogin.account.extra_data

-            if provider != "saml":
+            if provider == "saml":
+                # Handle SAML-specific logic
+                user.first_name = extra.get("firstName", [""])[0]
+                user.last_name = extra.get("lastName", [""])[0]
+                user.company_name = extra.get("organization", [""])[0]
+                user.name = f"{user.first_name} {user.last_name}".strip()
+                user.save(using=MainRouter.admin_db)
+
+                email_domain = user.email.split("@")[-1]
+                tenant = (
+                    SAMLConfiguration.objects.using(MainRouter.admin_db)
+                    .get(email_domain=email_domain)
+                    .tenant
+                )
+
+                with rls_transaction(str(tenant.id)):
+                    role_name = extra.get("userType", ["saml_default_role"])[0].strip()
+
+                    try:
+                        role = Role.objects.using(MainRouter.admin_db).get(
+                            name=role_name, tenant_id=tenant.id
+                        )
+                    except Role.DoesNotExist:
+                        role = Role.objects.using(MainRouter.admin_db).create(
+                            name=role_name,
+                            tenant_id=tenant.id,
+                            manage_users=False,
+                            manage_account=False,
+                            manage_billing=False,
+                            manage_providers=False,
+                            manage_integrations=False,
+                            manage_scans=False,
+                            unlimited_visibility=False,
+                        )
+
+                    Membership.objects.using(MainRouter.admin_db).create(
+                        user=user,
+                        tenant=tenant,
+                        role=Membership.RoleChoices.MEMBER,
+                    )
+
+                    UserRoleRelationship.objects.using(MainRouter.admin_db).create(
+                        user=user,
+                        role=role,
+                        tenant_id=tenant.id,
+                    )
+
+            else:
                # Handle other providers (e.g., GitHub, Google)
                user.save(using=MainRouter.admin_db)
                social_account_name = extra.get("name")
@@ -65,7 +119,5 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
                        role=role,
                        tenant_id=tenant.id,
                    )
-            else:
-                request.session["saml_user_created"] = str(user.id)

        return user
@@ -175,29 +175,6 @@ def create_objects_in_batches(
            model.objects.bulk_create(chunk, batch_size)


-def update_objects_in_batches(
-    tenant_id: str, model, objects: list, fields: list, batch_size: int = 500
-):
-    """
-    Bulk-update model instances in repeated, per-tenant RLS transactions.
-
-    All chunks execute in their own transaction, so no single transaction
-    grows too large.
-
-    Args:
-        tenant_id (str): UUID string of the tenant under which to set RLS.
-        model: Django model class whose `.objects.bulk_update()` will be called.
-        objects (list): List of model instances (saved) to bulk-update.
-        fields (list): List of field names to update.
-        batch_size (int): Maximum number of objects per bulk_update call.
-    """
-    total = len(objects)
-    for start in range(0, total, batch_size):
-        chunk = objects[start : start + batch_size]
-        with rls_transaction(value=tenant_id, parameter=POSTGRES_TENANT_VAR):
-            model.objects.bulk_update(chunk, fields, batch_size)
-
-
 # Postgres Enums


@@ -552,15 +529,3 @@ class IntegrationTypeEnum(EnumType):
 class IntegrationTypeEnumField(PostgresEnumField):
    def __init__(self, *args, **kwargs):
        super().__init__("integration_type", *args, **kwargs)
-
-
-# Postgres enum definition for Processor type
-
-
-class ProcessorTypeEnum(EnumType):
-    enum_type_name = "processor_type"
-
-
-class ProcessorTypeEnumField(PostgresEnumField):
-    def __init__(self, *args, **kwargs):
-        super().__init__("processor_type", *args, **kwargs)
@@ -57,11 +57,6 @@ class TaskInProgressException(TaskManagementError):
        super().__init__()


-# Provider connection errors
-class ProviderConnectionError(Exception):
-    """Base exception for provider connection errors."""
-
-
 def custom_exception_handler(exc, context):
    if isinstance(exc, django_validation_error):
        if hasattr(exc, "error_dict"):
@@ -78,21 +73,3 @@ def custom_exception_handler(exc, context):
                message_item["message"] for message_item in exc.detail["messages"]
            ]
    return exception_handler(exc, context)
-
-
-class ConflictException(APIException):
-    status_code = status.HTTP_409_CONFLICT
-    default_detail = "A conflict occurred. The resource already exists."
-    default_code = "conflict"
-
-    def __init__(self, detail=None, code=None, pointer=None):
-        error_detail = {
-            "detail": detail or self.default_detail,
-            "status": self.status_code,
-            "code": self.default_code,
-        }
-
-        if pointer:
-            error_detail["source"] = {"pointer": pointer}
-
-        super().__init__(detail=[error_detail])
@@ -1,6 +1,5 @@
 from datetime import date, datetime, timedelta, timezone

-from dateutil.parser import parse
 from django.conf import settings
 from django.db.models import Q
 from django_filters.rest_framework import (
@@ -29,7 +28,6 @@ from api.models import (
    Invitation,
    Membership,
    PermissionChoices,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderSecret,
@@ -340,8 +338,6 @@ class ResourceFilter(ProviderRelationshipFilterSet):
    tags = CharFilter(method="filter_tag")
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    scan = UUIDFilter(field_name="provider__scan", lookup_expr="exact")
-    scan__in = UUIDInFilter(field_name="provider__scan", lookup_expr="in")

    class Meta:
        model = Resource
@@ -356,82 +352,6 @@ class ResourceFilter(ProviderRelationshipFilterSet):
            "updated_at": ["gte", "lte"],
        }

-    def filter_queryset(self, queryset):
-        if not (self.data.get("scan") or self.data.get("scan__in")) and not (
-            self.data.get("updated_at")
-            or self.data.get("updated_at__date")
-            or self.data.get("updated_at__gte")
-            or self.data.get("updated_at__lte")
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": "At least one date filter is required: filter[updated_at], filter[updated_at.gte], "
-                        "or filter[updated_at.lte].",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/updated_at"},
-                        "code": "required",
-                    }
-                ]
-            )
-
-        gte_date = (
-            parse(self.data.get("updated_at__gte")).date()
-            if self.data.get("updated_at__gte")
-            else datetime.now(timezone.utc).date()
-        )
-        lte_date = (
-            parse(self.data.get("updated_at__lte")).date()
-            if self.data.get("updated_at__lte")
-            else datetime.now(timezone.utc).date()
-        )
-
-        if abs(lte_date - gte_date) > timedelta(
-            days=settings.FINDINGS_MAX_DAYS_IN_RANGE
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"The date range cannot exceed {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/updated_at"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-
-        return super().filter_queryset(queryset)
-
-    def filter_tag_key(self, queryset, name, value):
-        return queryset.filter(Q(tags__key=value) | Q(tags__key__icontains=value))
-
-    def filter_tag_value(self, queryset, name, value):
-        return queryset.filter(Q(tags__value=value) | Q(tags__value__icontains=value))
-
-    def filter_tag(self, queryset, name, value):
-        # We won't know what the user wants to filter on just based on the value,
-        # and we don't want to build special filtering logic for every possible
-        # provider tag spec, so we'll just do a full text search
-        return queryset.filter(tags__text_search=value)
-
-
-class LatestResourceFilter(ProviderRelationshipFilterSet):
-    tag_key = CharFilter(method="filter_tag_key")
-    tag_value = CharFilter(method="filter_tag_value")
-    tag = CharFilter(method="filter_tag")
-    tags = CharFilter(method="filter_tag")
-
-    class Meta:
-        model = Resource
-        fields = {
-            "provider": ["exact", "in"],
-            "uid": ["exact", "icontains"],
-            "name": ["exact", "icontains"],
-            "region": ["exact", "icontains", "in"],
-            "service": ["exact", "icontains", "in"],
-            "type": ["exact", "icontains", "in"],
-        }
-
    def filter_tag_key(self, queryset, name, value):
        return queryset.filter(Q(tags__key=value) | Q(tags__key__icontains=value))

@@ -784,12 +704,3 @@ class IntegrationFilter(FilterSet):
        fields = {
            "inserted_at": ["date", "gte", "lte"],
        }
-
-
-class ProcessorFilter(FilterSet):
-    processor_type = ChoiceFilter(choices=Processor.ProcessorChoices.choices)
-    processor_type__in = ChoiceInFilter(
-        choices=Processor.ProcessorChoices.choices,
-        field_name="processor_type",
-        lookup_expr="in",
-    )
@@ -3,7 +3,7 @@
    "model": "api.user",
    "pk": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
+      "password": "pbkdf2_sha256$720000$vA62S78kog2c2ytycVQdke$Fp35GVLLMyy5fUq3krSL9I02A+ocQ+RVa4S22LIAO5s=",
      "last_login": null,
      "name": "Devie Prowlerson",
      "email": "dev@prowler.com",
@@ -16,7 +16,7 @@
    "model": "api.user",
    "pk": "b6493a3a-c997-489b-8b99-278bf74de9f6",
    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
+      "password": "pbkdf2_sha256$720000$vA62S78kog2c2ytycVQdke$Fp35GVLLMyy5fUq3krSL9I02A+ocQ+RVa4S22LIAO5s=",
      "last_login": null,
      "name": "Devietoo Prowlerson",
      "email": "dev2@prowler.com",
@@ -24,18 +24,5 @@
      "is_active": true,
      "date_joined": "2024-09-18T09:04:20.850Z"
    }
-  },
-  {
-    "model": "api.user",
-    "pk": "6d4f8a91-3c2e-4b5a-8f7d-1e9c5b2a4d6f",
-    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
-      "last_login": null,
-      "name": "E2E Test User",
-      "email": "e2e@prowler.com",
-      "company_name": "Prowler E2E Tests",
-      "is_active": true,
-      "date_joined": "2024-01-01T00:00:00.850Z"
-    }
  }
 ]
@@ -46,24 +46,5 @@
      "role": "member",
      "date_joined": "2024-09-19T11:03:59.712Z"
    }
-  },
-  {
-    "model": "api.tenant",
-    "pk": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-    "fields": {
-      "inserted_at": "2024-01-01T00:00:00Z",
-      "updated_at": "2024-01-01T00:00:00Z",
-      "name": "E2E Test Tenant"
-    }
-  },
-  {
-    "model": "api.membership",
-    "pk": "9b1a2c3d-4e5f-6789-abc1-23456789def0",
-    "fields": {
-      "user": "6d4f8a91-3c2e-4b5a-8f7d-1e9c5b2a4d6f",
-      "tenant": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-      "role": "owner",
-      "date_joined": "2024-01-01T00:00:00.000Z"
-    }
  }
 ]
@@ -149,32 +149,5 @@
      "user": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
      "inserted_at": "2024-11-20T15:36:14.302Z"
    }
-  },
-  {
-    "model": "api.role",
-    "pk": "a5b6c7d8-9e0f-1234-5678-90abcdef1234",
-    "fields": {
-      "tenant": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-      "name": "e2e_admin",
-      "manage_users": true,
-      "manage_account": true,
-      "manage_billing": true,
-      "manage_providers": true,
-      "manage_integrations": true,
-      "manage_scans": true,
-      "unlimited_visibility": true,
-      "inserted_at": "2024-01-01T00:00:00.000Z",
-      "updated_at": "2024-01-01T00:00:00.000Z"
-    }
-  },
-  {
-    "model": "api.userrolerelationship",
-    "pk": "f1e2d3c4-b5a6-9876-5432-10fedcba9876",
-    "fields": {
-      "tenant": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-      "role": "a5b6c7d8-9e0f-1234-5678-90abcdef1234",
-      "user": "6d4f8a91-3c2e-4b5a-8f7d-1e9c5b2a4d6f",
-      "inserted_at": "2024-01-01T00:00:00.000Z"
-    }
  }
 ]
@@ -1,61 +1,57 @@
-# Generated by Django 5.1.10 on 2025-07-02 15:47
+# Generated by Django 5.1.8 on 2025-05-15 09:54

 import uuid

 import django.db.models.deletion
-from django.conf import settings
 from django.db import migrations, models

-import api.db_utils
 import api.rls


 class Migration(migrations.Migration):
    dependencies = [
-        ("api", "0031_scan_disable_on_cascade_periodic_tasks"),
+        ("api", "0029_findings_check_index_parent"),
    ]

    operations = [
-        migrations.AlterField(
-            model_name="integration",
-            name="integration_type",
-            field=api.db_utils.IntegrationTypeEnumField(
-                choices=[
-                    ("amazon_s3", "Amazon S3"),
-                    ("aws_security_hub", "AWS Security Hub"),
-                    ("jira", "JIRA"),
-                    ("slack", "Slack"),
-                ]
-            ),
-        ),
        migrations.CreateModel(
-            name="SAMLToken",
+            name="SAMLDomainIndex",
            fields=[
                (
                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
+                    models.BigAutoField(
+                        auto_created=True,
                        primary_key=True,
                        serialize=False,
+                        verbose_name="ID",
                    ),
                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("expires_at", models.DateTimeField(editable=False)),
-                ("token", models.JSONField(unique=True)),
+                ("email_domain", models.CharField(max_length=254, unique=True)),
                (
-                    "user",
+                    "tenant",
                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to=settings.AUTH_USER_MODEL,
+                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
                    ),
                ),
            ],
            options={
-                "db_table": "saml_tokens",
+                "db_table": "saml_domain_index",
            },
        ),
+        migrations.AddConstraint(
+            model_name="samldomainindex",
+            constraint=models.UniqueConstraint(
+                fields=("email_domain", "tenant"),
+                name="unique_resources_by_email_domain",
+            ),
+        ),
+        migrations.AddConstraint(
+            model_name="samldomainindex",
+            constraint=api.rls.BaseSecurityConstraint(
+                name="statements_on_samldomainindex",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ),
        migrations.CreateModel(
            name="SAMLConfiguration",
            fields=[
@@ -109,42 +105,16 @@ class Migration(migrations.Migration):
                fields=("tenant",), name="unique_samlconfig_per_tenant"
            ),
        ),
-        migrations.CreateModel(
-            name="SAMLDomainIndex",
-            fields=[
-                (
-                    "id",
-                    models.BigAutoField(
-                        auto_created=True,
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                    ),
-                ),
-                ("email_domain", models.CharField(max_length=254, unique=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "saml_domain_index",
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="samldomainindex",
-            constraint=models.UniqueConstraint(
-                fields=("email_domain", "tenant"),
-                name="unique_resources_by_email_domain",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="samldomainindex",
-            constraint=api.rls.BaseSecurityConstraint(
-                name="statements_on_samldomainindex",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+        migrations.AlterField(
+            model_name="integration",
+            name="integration_type",
+            field=api.db_utils.IntegrationTypeEnumField(
+                choices=[
+                    ("amazon_s3", "Amazon S3"),
+                    ("aws_security_hub", "AWS Security Hub"),
+                    ("jira", "JIRA"),
+                    ("slack", "Slack"),
+                ]
            ),
        ),
    ]
@@ -11,7 +11,7 @@ import api.rls

 class Migration(migrations.Migration):
    dependencies = [
-        ("api", "0029_findings_check_index_parent"),
+        ("api", "0030_samlconfigurations"),
    ]

    operations = [
@@ -54,7 +54,6 @@ class Migration(migrations.Migration):
                            ("gpt-4o-mini-2024-07-18", "GPT-4o Mini v2024-07-18"),
                            ("gpt-4o-mini", "GPT-4o Mini Default"),
                        ],
-                        default="gpt-4o-2024-08-06",
                        help_text="Must be one of the supported model names",
                        max_length=50,
                    ),
@@ -1,24 +0,0 @@
-# Generated by Django 5.1.10 on 2025-06-23 10:04
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0030_lighthouseconfiguration"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="scan",
-            name="scheduler_task",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                to="django_celery_beat.periodictask",
-            ),
-        ),
-    ]
@@ -1,34 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import PostgresEnumMigration, ProcessorTypeEnum, register_enum
-from api.models import Processor
-
-ProcessorTypeEnumMigration = PostgresEnumMigration(
-    enum_name="processor_type",
-    enum_values=tuple(
-        processor_type[0] for processor_type in Processor.ProcessorChoices.choices
-    ),
-)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0032_saml"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            ProcessorTypeEnumMigration.create_enum_type,
-            reverse_code=ProcessorTypeEnumMigration.drop_enum_type,
-        ),
-        migrations.RunPython(
-            partial(register_enum, enum_class=ProcessorTypeEnum),
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
@@ -1,88 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-26 13:04
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-from api.rls import RowLevelSecurityConstraint
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0033_processors_enum"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Processor",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "processor_type",
-                    api.db_utils.ProcessorTypeEnumField(
-                        choices=[("mutelist", "Mutelist")]
-                    ),
-                ),
-                ("configuration", models.JSONField(default=dict)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "processors",
-                "abstract": False,
-                "indexes": [
-                    models.Index(
-                        fields=["tenant_id", "id"], name="processor_tenant_id_idx"
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "processor_type"],
-                        name="processor_tenant_type_idx",
-                    ),
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="processor",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "processor_type"),
-                name="unique_processor_types_tenant",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="processor",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_processor",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="scan",
-            name="processor",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="scans",
-                related_query_name="scan",
-                to="api.processor",
-            ),
-        ),
-    ]
@@ -1,22 +0,0 @@
-import django.core.validators
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0034_processors"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="muted_reason",
-            field=models.TextField(
-                blank=True,
-                max_length=500,
-                null=True,
-                validators=[django.core.validators.MinLengthValidator(3)],
-            ),
-        ),
-    ]
@@ -1,30 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0035_finding_muted_reason"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_finding_idx",
-                columns="tenant_id, finding_id",
-                method="BTREE",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_finding_idx",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0036_rfm_tenant_finding_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="resourcefindingmapping",
-            index=models.Index(
-                fields=["tenant_id", "finding_id"],
-                name="rfm_tenant_finding_idx",
-            ),
-        ),
-    ]
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0037_rfm_tenant_finding_index_parent"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="resource",
-            name="failed_findings_count",
-            field=models.IntegerField(default=0),
-        )
-    ]
@@ -1,20 +0,0 @@
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0038_resource_failed_findings_count"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "-failed_findings_count", "id"],
-                name="resources_failed_findings_idx",
-            ),
-        ),
-    ]
@@ -1,30 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0039_resource_resources_failed_findings_idx"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_resource_idx",
-                columns="tenant_id, resource_id",
-                method="BTREE",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_resource_idx",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0040_rfm_tenant_resource_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="resourcefindingmapping",
-            index=models.Index(
-                fields=["tenant_id", "resource_id"],
-                name="rfm_tenant_resource_idx",
-            ),
-        ),
-    ]
@@ -1,23 +0,0 @@
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0041_rfm_tenant_resource_parent_partitions"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="scan",
-            index=models.Index(
-                condition=models.Q(("state", "completed")),
-                fields=["tenant_id", "provider_id", "-inserted_at"],
-                include=("id",),
-                name="scans_prov_ins_desc_idx",
-            ),
-        ),
-    ]
@@ -1,33 +0,0 @@
-# Generated by Django 5.1.7 on 2025-07-09 14:44
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0042_scan_scans_prov_ins_desc_idx"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'github';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,19 +0,0 @@
-# Generated by Django 5.1.10 on 2025-07-17 11:52
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0043_github_provider"),
-    ]
-
-    operations = [
-        migrations.AddConstraint(
-            model_name="integration",
-            constraint=models.UniqueConstraint(
-                fields=("configuration", "tenant"),
-                name="unique_configuration_per_tenant",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-# Generated by Django 5.1.10 on 2025-07-21 16:08
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0044_integration_unique_configuration_per_tenant"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="scan",
-            name="output_location",
-            field=models.CharField(blank=True, max_length=4096, null=True),
-        ),
-    ]
@@ -2,7 +2,6 @@ import json
 import logging
 import re
 import xml.etree.ElementTree as ET
-from datetime import datetime, timedelta, timezone
 from uuid import UUID, uuid4

 from allauth.socialaccount.models import SocialApp
@@ -34,7 +33,6 @@ from api.db_utils import (
    IntegrationTypeEnumField,
    InvitationStateEnumField,
    MemberRoleEnumField,
-    ProcessorTypeEnumField,
    ProviderEnumField,
    ProviderSecretTypeEnumField,
    ScanTriggerEnumField,
@@ -205,7 +203,6 @@ class Provider(RowLevelSecurityProtectedModel):
        GCP = "gcp", _("GCP")
        KUBERNETES = "kubernetes", _("Kubernetes")
        M365 = "m365", _("M365")
-        GITHUB = "github", _("GitHub")

    @staticmethod
    def validate_aws_uid(value):
@@ -266,16 +263,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_github_uid(value):
-        if not re.match(r"^[a-zA-Z0-9][a-zA-Z0-9-]{0,38}$", value):
-            raise ModelValidationError(
-                detail="GitHub provider ID must be a valid GitHub username or organization name (1-39 characters, "
-                "starting with alphanumeric, containing only alphanumeric characters and hyphens).",
-                code="github-uid",
-                pointer="/data/attributes/uid",
-            )
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -421,6 +408,20 @@ class Scan(RowLevelSecurityProtectedModel):
    name = models.CharField(
        blank=True, null=True, max_length=100, validators=[MinLengthValidator(3)]
    )
+    provider = models.ForeignKey(
+        Provider,
+        on_delete=models.CASCADE,
+        related_name="scans",
+        related_query_name="scan",
+    )
+    task = models.ForeignKey(
+        Task,
+        on_delete=models.CASCADE,
+        related_name="scans",
+        related_query_name="scan",
+        null=True,
+        blank=True,
+    )
    trigger = ScanTriggerEnumField(
        choices=TriggerChoices.choices,
    )
@@ -436,31 +437,11 @@ class Scan(RowLevelSecurityProtectedModel):
    completed_at = models.DateTimeField(null=True, blank=True)
    next_scan_at = models.DateTimeField(null=True, blank=True)
    scheduler_task = models.ForeignKey(
-        PeriodicTask, on_delete=models.SET_NULL, null=True, blank=True
-    )
-    output_location = models.CharField(blank=True, null=True, max_length=4096)
-    provider = models.ForeignKey(
-        Provider,
-        on_delete=models.CASCADE,
-        related_name="scans",
-        related_query_name="scan",
-    )
-    task = models.ForeignKey(
-        Task,
-        on_delete=models.CASCADE,
-        related_name="scans",
-        related_query_name="scan",
-        null=True,
-        blank=True,
-    )
-    processor = models.ForeignKey(
-        "Processor",
-        on_delete=models.SET_NULL,
-        related_name="scans",
-        related_query_name="scan",
-        null=True,
-        blank=True,
+        PeriodicTask, on_delete=models.CASCADE, null=True, blank=True
    )
+    output_location = models.CharField(blank=True, null=True, max_length=200)
+
+    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "scans"
@@ -487,13 +468,6 @@ class Scan(RowLevelSecurityProtectedModel):
                condition=Q(state=StateChoices.COMPLETED),
                name="scans_prov_state_ins_desc_idx",
            ),
-            # TODO This might replace `scans_prov_state_ins_desc_idx` completely. Review usage
-            models.Index(
-                fields=["tenant_id", "provider_id", "-inserted_at"],
-                condition=Q(state=StateChoices.COMPLETED),
-                include=["id"],
-                name="scans_prov_ins_desc_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -579,8 +553,6 @@ class Resource(RowLevelSecurityProtectedModel):
    details = models.TextField(blank=True, null=True)
    partition = models.TextField(blank=True, null=True)

-    failed_findings_count = models.IntegerField(default=0)
-
    # Relationships
    tags = models.ManyToManyField(
        ResourceTag,
@@ -627,10 +599,6 @@ class Resource(RowLevelSecurityProtectedModel):
                fields=["tenant_id", "provider_id"],
                name="resources_tenant_provider_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "-failed_findings_count", "id"],
-                name="resources_failed_findings_idx",
-            ),
        ]

        constraints = [
@@ -729,9 +697,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    check_id = models.CharField(max_length=100, blank=False, null=False)
    check_metadata = models.JSONField(default=dict, null=False)
    muted = models.BooleanField(default=False, null=False)
-    muted_reason = models.TextField(
-        blank=True, null=True, validators=[MinLengthValidator(3)], max_length=500
-    )
    compliance = models.JSONField(default=dict, null=True, blank=True)

    # Denormalize resource data for performance
@@ -873,16 +838,6 @@ class ResourceFindingMapping(PostgresPartitionedModel, RowLevelSecurityProtected
        #   - tenant_id
        #   - id

-        indexes = [
-            models.Index(
-                fields=["tenant_id", "finding_id"],
-                name="rfm_tenant_finding_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "resource_id"],
-                name="rfm_tenant_resource_idx",
-            ),
-        ]
        constraints = [
            models.UniqueConstraint(
                fields=("tenant_id", "resource_id", "finding_id"),
@@ -987,11 +942,6 @@ class Invitation(RowLevelSecurityProtectedModel):
        null=True,
    )

-    def save(self, *args, **kwargs):
-        if self.email:
-            self.email = self.email.strip().lower()
-        super().save(*args, **kwargs)
-
    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "invitations"

@@ -1346,7 +1296,7 @@ class ScanSummary(RowLevelSecurityProtectedModel):

 class Integration(RowLevelSecurityProtectedModel):
    class IntegrationChoices(models.TextChoices):
-        AMAZON_S3 = "amazon_s3", _("Amazon S3")
+        S3 = "amazon_s3", _("Amazon S3")
        AWS_SECURITY_HUB = "aws_security_hub", _("AWS Security Hub")
        JIRA = "jira", _("JIRA")
        SLACK = "slack", _("Slack")
@@ -1372,10 +1322,6 @@ class Integration(RowLevelSecurityProtectedModel):
        db_table = "integrations"

        constraints = [
-            models.UniqueConstraint(
-                fields=("configuration", "tenant"),
-                name="unique_configuration_per_tenant",
-            ),
            RowLevelSecurityConstraint(
                field="tenant_id",
                name="rls_on_%(class)s",
@@ -1424,26 +1370,6 @@ class IntegrationProviderRelationship(RowLevelSecurityProtectedModel):
        ]


-class SAMLToken(models.Model):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    expires_at = models.DateTimeField(editable=False)
-    token = models.JSONField(unique=True)
-    user = models.ForeignKey(User, on_delete=models.CASCADE)
-
-    class Meta:
-        db_table = "saml_tokens"
-
-    def save(self, *args, **kwargs):
-        if not self.expires_at:
-            self.expires_at = datetime.now(timezone.utc) + timedelta(seconds=15)
-        super().save(*args, **kwargs)
-
-    def is_expired(self) -> bool:
-        return datetime.now(timezone.utc) >= self.expires_at
-
-
 class SAMLDomainIndex(models.Model):
    """
    Public index of SAML domains. No RLS. Used for fast lookup in SAML login flow.
@@ -1521,7 +1447,7 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            ),
        ]

-    def clean(self, old_email_domain=None, is_create=False):
+    def clean(self, old_email_domain=None):
        # Domain must not contain @
        if "@" in self.email_domain:
            raise ValidationError({"email_domain": "Domain must not contain @"})
@@ -1545,25 +1471,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
                {"tenant": "There is a problem with your email domain."}
            )

-        # The entityID must be unique in the system
-        idp_settings = self._parsed_metadata
-        entity_id = idp_settings.get("entity_id")
-
-        if entity_id:
-            # Find any SocialApp with this entityID
-            q = SocialApp.objects.filter(provider="saml", provider_id=entity_id)
-
-            # If updating, exclude our own SocialApp from the check
-            if not is_create:
-                q = q.exclude(client_id=old_email_domain)
-            else:
-                q = q.exclude(client_id=self.email_domain)
-
-            if q.exists():
-                raise ValidationError(
-                    {"metadata_xml": "There is a problem with your metadata."}
-                )
-
    def save(self, *args, **kwargs):
        self.email_domain = self.email_domain.strip().lower()
        is_create = not SAMLConfiguration.objects.filter(pk=self.pk).exists()
@@ -1576,8 +1483,7 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            old_email_domain = None
            old_metadata_xml = None

-        self._parsed_metadata = self._parse_metadata()
-        self.clean(old_email_domain, is_create)
+        self.clean(old_email_domain)
        super().save(*args, **kwargs)

        if is_create or (
@@ -1595,12 +1501,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            email_domain=self.email_domain, defaults={"tenant": self.tenant}
        )

-    def delete(self, *args, **kwargs):
-        super().delete(*args, **kwargs)
-
-        SocialApp.objects.filter(provider="saml", client_id=self.email_domain).delete()
-        SAMLDomainIndex.objects.filter(email_domain=self.email_domain).delete()
-
    def _parse_metadata(self):
        """
        Parse the raw IdP metadata XML and extract:
@@ -1620,8 +1520,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):

        # Entity ID
        entity_id = root.attrib.get("entityID")
-        if not entity_id:
-            raise ValidationError({"metadata_xml": "Missing entityID in metadata."})

        # SSO endpoint (must exist)
        sso = root.find(".//md:IDPSSODescriptor/md:SingleSignOnService", ns)
@@ -1660,8 +1558,9 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
        Create or update the corresponding SocialApp based on email_domain.
        If the domain changed, update the matching SocialApp.
        """
+        idp_settings = self._parse_metadata()
        settings_dict = SOCIALACCOUNT_PROVIDERS["saml"].copy()
-        settings_dict["idp"] = self._parsed_metadata
+        settings_dict["idp"] = idp_settings

        current_site = Site.objects.get(id=settings.SITE_ID)

@@ -1669,24 +1568,19 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            provider="saml", client_id=previous_email_domain or self.email_domain
        )

-        client_id = self.email_domain[:191]
-        name = f"SAML-{self.email_domain}"[:40]
-
        if social_app_qs.exists():
            social_app = social_app_qs.first()
-            social_app.client_id = client_id
-            social_app.name = name
+            social_app.client_id = self.email_domain
+            social_app.name = f"{self.tenant.name} SAML ({self.email_domain})"
            social_app.settings = settings_dict
-            social_app.provider_id = self._parsed_metadata["entity_id"]
            social_app.save()
            social_app.sites.set([current_site])
        else:
            social_app = SocialApp.objects.create(
                provider="saml",
-                client_id=client_id,
-                name=name,
+                client_id=self.email_domain,
+                name=f"{self.tenant.name} SAML ({self.email_domain})",
                settings=settings_dict,
-                provider_id=self._parsed_metadata["entity_id"],
            )
            social_app.sites.set([current_site])

@@ -1865,42 +1759,3 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):

    class JSONAPIMeta:
        resource_name = "lighthouse-configurations"
-
-
-class Processor(RowLevelSecurityProtectedModel):
-    class ProcessorChoices(models.TextChoices):
-        MUTELIST = "mutelist", _("Mutelist")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    processor_type = ProcessorTypeEnumField(choices=ProcessorChoices.choices)
-    configuration = models.JSONField(default=dict)
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "processors"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "processor_type"),
-                name="unique_processor_types_tenant",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "id"],
-                name="processor_tenant_id_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "processor_type"],
-                name="processor_tenant_type_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "processors"
@@ -11,7 +11,7 @@ def test_basic_authentication():
    client = APIClient()

    test_user = "test_email@prowler.com"
-    test_password = "Test_password@1"
+    test_password = "test_password"

    # Check that a 401 is returned when no basic authentication is provided
    no_auth_response = client.get(reverse("provider-list"))
@@ -108,7 +108,7 @@ def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fi
    user1_email = "user1@testing.com"
    user2_email = "user2@testing.com"

-    password = "Thisisapassword123@"
+    password = "thisisapassword123"

    user1_response = client.post(
        reverse("user-list"),
@@ -187,7 +187,7 @@ class TestTokenSwitchTenant:
        client = APIClient()

        test_user = "test_email@prowler.com"
-        test_password = "Test_password1@"
+        test_password = "test_password"

        # Check that we can create a new user without any kind of authentication
        user_creation_response = client.post(
@@ -17,7 +17,7 @@ def test_delete_provider_without_executing_task(
    client = APIClient()

    test_user = "test_email@prowler.com"
-    test_password = "Test_password1@"
+    test_password = "test_password"

    prowler_task = tasks_fixture[0]
    task_mock = Mock()
@@ -1,10 +1,12 @@
-from unittest.mock import MagicMock, patch
+from unittest.mock import MagicMock

 import pytest
 from allauth.socialaccount.models import SocialLogin
 from django.contrib.auth import get_user_model

 from api.adapters import ProwlerSocialAccountAdapter
+from api.db_router import MainRouter
+from api.models import Membership, SAMLConfiguration, Tenant

 User = get_user_model()

@@ -25,8 +27,7 @@ class TestProwlerSocialAccountAdapter:

        sociallogin = MagicMock(spec=SocialLogin)
        sociallogin.account = MagicMock()
-        sociallogin.provider = MagicMock()
-        sociallogin.provider.id = "saml"
+        sociallogin.account.provider = "saml"
        sociallogin.account.extra_data = {}
        sociallogin.user = create_test_user
        sociallogin.connect = MagicMock()
@@ -45,9 +46,7 @@ class TestProwlerSocialAccountAdapter:

        sociallogin = MagicMock(spec=SocialLogin)
        sociallogin.account = MagicMock()
-        sociallogin.provider = MagicMock()
-        sociallogin.user = MagicMock()
-        sociallogin.provider.id = "saml"
+        sociallogin.account.provider = "github"
        sociallogin.account.extra_data = {}
        sociallogin.connect = MagicMock()

@@ -55,23 +54,29 @@ class TestProwlerSocialAccountAdapter:

        sociallogin.connect.assert_not_called()

-    def test_save_user_saml_sets_session_flag(self, rf):
+    def test_save_user_saml_flow(
+        self,
+        rf,
+        saml_setup,
+        saml_sociallogin,
+    ):
        adapter = ProwlerSocialAccountAdapter()
        request = rf.get("/")
-        request.session = {}
+        saml_sociallogin.user.email = saml_setup["email"]

-        sociallogin = MagicMock(spec=SocialLogin)
-        sociallogin.provider = MagicMock()
-        sociallogin.provider.id = "saml"
-        sociallogin.account = MagicMock()
-        sociallogin.account.extra_data = {}
+        tenant = Tenant.objects.using(MainRouter.admin_db).get(
+            id=saml_setup["tenant_id"]
+        )
+        saml_config = SAMLConfiguration.objects.using(MainRouter.admin_db).get(
+            tenant=tenant
+        )
+        assert saml_config.email_domain == saml_setup["domain"]

-        mock_user = MagicMock()
-        mock_user.id = 123
+        user = adapter.save_user(request, saml_sociallogin)

-        with patch("api.adapters.super") as mock_super:
-            with patch("api.adapters.transaction"):
-                with patch("api.adapters.MainRouter"):
-                    mock_super.return_value.save_user.return_value = mock_user
-                    adapter.save_user(request, sociallogin)
-                    assert request.session["saml_user_created"] == "123"
+        assert user.email == saml_setup["email"]
+        assert (
+            Membership.objects.using(MainRouter.admin_db)
+            .filter(user=user, tenant=tenant)
+            .exists()
+        )
@@ -13,7 +13,6 @@ from api.db_utils import (
    enum_to_choices,
    generate_random_token,
    one_week_from_now,
-    update_objects_in_batches,
 )
 from api.models import Provider

@@ -228,88 +227,3 @@ class TestCreateObjectsInBatches:

        qs = Provider.objects.filter(tenant=tenant)
        assert qs.count() == total
-
-
-@pytest.mark.django_db
-class TestUpdateObjectsInBatches:
-    @pytest.fixture
-    def tenant(self, tenants_fixture):
-        return tenants_fixture[0]
-
-    def make_provider_instances(self, tenant, count):
-        """
-        Return a list of `count` unsaved Provider instances for the given tenant.
-        """
-        base_uid = 2000
-        return [
-            Provider(
-                tenant=tenant,
-                uid=str(base_uid + i),
-                provider=Provider.ProviderChoices.AWS,
-            )
-            for i in range(count)
-        ]
-
-    def test_exact_multiple_of_batch(self, tenant):
-        total = 6
-        batch_size = 3
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
-
-        # Fetch them back, mutate the `uid` field, then update in batches
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-            batch_size=batch_size,
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
-
-    def test_non_multiple_of_batch(self, tenant):
-        total = 7
-        batch_size = 3
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
-
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-            batch_size=batch_size,
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
-
-    def test_batch_size_default(self, tenant):
-        default_size = settings.DJANGO_DELETION_BATCH_SIZE
-        total = default_size + 2
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs)
-
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        # Update without specifying batch_size (uses default)
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
@@ -3,7 +3,7 @@ from allauth.socialaccount.models import SocialApp
 from django.core.exceptions import ValidationError

 from api.db_router import MainRouter
-from api.models import Resource, ResourceTag, SAMLConfiguration, SAMLDomainIndex
+from api.models import Resource, ResourceTag, SAMLConfiguration, Tenant


@pytest.mark.django_db
@@ -142,8 +142,8 @@ class TestSAMLConfigurationModel:
    </md:EntityDescriptor>
    """

-    def test_creates_valid_configuration(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_creates_valid_configuration(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant A")
        config = SAMLConfiguration.objects.using(MainRouter.admin_db).create(
            email_domain="ssoexample.com",
            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
@@ -153,8 +153,8 @@ class TestSAMLConfigurationModel:
        assert config.email_domain == "ssoexample.com"
        assert SocialApp.objects.filter(client_id="ssoexample.com").exists()

-    def test_email_domain_with_at_symbol_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_email_domain_with_at_symbol_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant B")
        config = SAMLConfiguration(
            email_domain="invalid@domain.com",
            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
@@ -168,8 +168,9 @@ class TestSAMLConfigurationModel:
        assert "email_domain" in errors
        assert "Domain must not contain @" in errors["email_domain"][0]

-    def test_duplicate_email_domain_fails(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
+    def test_duplicate_email_domain_fails(self):
+        tenant1 = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant C1")
+        tenant2 = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant C2")

        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
            email_domain="duplicate.com",
@@ -190,8 +191,8 @@ class TestSAMLConfigurationModel:
        assert "tenant" in errors
        assert "There is a problem with your email domain." in errors["tenant"][0]

-    def test_duplicate_tenant_config_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_duplicate_tenant_config_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant D")

        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
            email_domain="unique1.com",
@@ -215,8 +216,8 @@ class TestSAMLConfigurationModel:
            in errors["tenant"][0]
        )

-    def test_invalid_metadata_xml_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_invalid_metadata_xml_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant E")
        config = SAMLConfiguration(
            email_domain="brokenxml.com",
            metadata_xml="<bad<xml>",
@@ -231,8 +232,8 @@ class TestSAMLConfigurationModel:
        assert "Invalid XML" in errors["metadata_xml"][0]
        assert "not well-formed" in errors["metadata_xml"][0]

-    def test_metadata_missing_sso_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_metadata_missing_sso_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant F")
        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
                <md:IDPSSODescriptor></md:IDPSSODescriptor>
                </md:EntityDescriptor>"""
@@ -249,8 +250,8 @@ class TestSAMLConfigurationModel:
        assert "metadata_xml" in errors
        assert "Missing SingleSignOnService" in errors["metadata_xml"][0]

-    def test_metadata_missing_certificate_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_metadata_missing_certificate_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant G")
        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
                    <md:IDPSSODescriptor>
                        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/sso"/>
@@ -268,59 +269,3 @@ class TestSAMLConfigurationModel:
        errors = exc_info.value.message_dict
        assert "metadata_xml" in errors
        assert "X509Certificate" in errors["metadata_xml"][0]
-
-    def test_deletes_saml_configuration_and_related_objects(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        email_domain = "deleteme.com"
-
-        # Create the configuration
-        config = SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain=email_domain,
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        # Verify that the SocialApp and SAMLDomainIndex exist
-        assert SocialApp.objects.filter(client_id=email_domain).exists()
-        assert (
-            SAMLDomainIndex.objects.using(MainRouter.admin_db)
-            .filter(email_domain=email_domain)
-            .exists()
-        )
-
-        # Delete the configuration
-        config.delete()
-
-        # Verify that the configuration and its related objects are deleted
-        assert (
-            not SAMLConfiguration.objects.using(MainRouter.admin_db)
-            .filter(pk=config.pk)
-            .exists()
-        )
-        assert not SocialApp.objects.filter(client_id=email_domain).exists()
-        assert (
-            not SAMLDomainIndex.objects.using(MainRouter.admin_db)
-            .filter(email_domain=email_domain)
-            .exists()
-        )
-
-    def test_duplicate_entity_id_fails_on_creation(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
-        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain="first.com",
-            metadata_xml=self.VALID_METADATA,
-            tenant=tenant1,
-        )
-
-        config = SAMLConfiguration(
-            email_domain="second.com",
-            metadata_xml=self.VALID_METADATA,
-            tenant=tenant2,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config.save()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-        assert "There is a problem with your metadata." in errors["metadata_xml"][0]
@@ -1,7 +1,6 @@
 from unittest.mock import ANY, Mock, patch

 import pytest
-from conftest import TODAY
 from django.urls import reverse
 from rest_framework import status

@@ -61,7 +60,7 @@ class TestUserViewSet:
    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
        valid_user_payload = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_rbac.post(
@@ -75,7 +74,7 @@ class TestUserViewSet:
    ):
        valid_user_payload = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_no_permissions_rbac.post(
@@ -322,7 +321,7 @@ class TestProviderViewSet:
@pytest.mark.django_db
 class TestLimitedVisibility:
    TEST_EMAIL = "rbac@rbac.com"
-    TEST_PASSWORD = "Thisisapassword123@"
+    TEST_PASSWORD = "thisisapassword123"

    @pytest.fixture
    def limited_admin_user(
@@ -410,87 +409,3 @@ class TestLimitedVisibility:
        assert (
            response.json()["data"]["relationships"]["providers"]["meta"]["count"] == 1
        )
-
-    def test_overviews_providers(
-        self,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(reverse("overview-providers"))
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) > 0
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(reverse("overview-providers"))
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
-
-    @pytest.mark.parametrize(
-        "endpoint_name",
-        [
-            "findings",
-            "findings_severity",
-        ],
-    )
-    def test_overviews_findings(
-        self,
-        endpoint_name,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(
-            reverse(f"overview-{endpoint_name}")
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        values = response.json()["data"]["attributes"].values()
-        assert any(value > 0 for value in values)
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(
-            reverse(f"overview-{endpoint_name}")
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]["attributes"].values()
-        assert all(value == 0 for value in data)
-
-    def test_overviews_services(
-        self,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(
-            reverse("overview-services"), {"filter[inserted_at]": TODAY}
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) > 0
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(
-            reverse("overview-services"), {"filter[inserted_at]": TODAY}
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
@@ -1,100 +0,0 @@
-import pytest
-from rest_framework.exceptions import ValidationError
-
-from api.v1.serializer_utils.integrations import S3ConfigSerializer
-
-
-class TestS3ConfigSerializer:
-    """Test cases for S3ConfigSerializer validation."""
-
-    def test_validate_output_directory_valid_paths(self):
-        """Test that valid output directory paths are accepted."""
-        serializer = S3ConfigSerializer()
-
-        # Test normal paths
-        assert serializer.validate_output_directory("test") == "test"
-        assert serializer.validate_output_directory("test/folder") == "test/folder"
-        assert serializer.validate_output_directory("my-folder_123") == "my-folder_123"
-
-        # Test paths with leading slashes (should be normalized)
-        assert serializer.validate_output_directory("/test") == "test"
-        assert serializer.validate_output_directory("/test/folder") == "test/folder"
-
-        # Test paths with excessive slashes (should be normalized)
-        assert serializer.validate_output_directory("///test") == "test"
-        assert serializer.validate_output_directory("///////test") == "test"
-        assert serializer.validate_output_directory("test//folder") == "test/folder"
-        assert serializer.validate_output_directory("test///folder") == "test/folder"
-
-    def test_validate_output_directory_empty_values(self):
-        """Test that empty values raise validation errors."""
-        serializer = S3ConfigSerializer()
-
-        with pytest.raises(
-            ValidationError, match="Output directory cannot be empty or just"
-        ):
-            serializer.validate_output_directory(".")
-
-        with pytest.raises(
-            ValidationError, match="Output directory cannot be empty or just"
-        ):
-            serializer.validate_output_directory("/")
-
-    def test_validate_output_directory_invalid_characters(self):
-        """Test that invalid characters are rejected."""
-        serializer = S3ConfigSerializer()
-
-        invalid_chars = ["<", ">", ":", '"', "|", "?", "*"]
-
-        for char in invalid_chars:
-            with pytest.raises(
-                ValidationError, match="Output directory contains invalid characters"
-            ):
-                serializer.validate_output_directory(f"test{char}folder")
-
-    def test_validate_output_directory_too_long(self):
-        """Test that paths that are too long are rejected."""
-        serializer = S3ConfigSerializer()
-
-        # Create a path longer than 900 characters
-        long_path = "a" * 901
-
-        with pytest.raises(ValidationError, match="Output directory path is too long"):
-            serializer.validate_output_directory(long_path)
-
-    def test_validate_output_directory_edge_cases(self):
-        """Test edge cases for output directory validation."""
-        serializer = S3ConfigSerializer()
-
-        # Test path at the limit (900 characters)
-        path_at_limit = "a" * 900
-        assert serializer.validate_output_directory(path_at_limit) == path_at_limit
-
-        # Test complex normalization
-        assert serializer.validate_output_directory("//test/../folder//") == "folder"
-        assert serializer.validate_output_directory("/test/./folder/") == "test/folder"
-
-    def test_s3_config_serializer_full_validation(self):
-        """Test the full S3ConfigSerializer with valid data."""
-        data = {
-            "bucket_name": "my-test-bucket",
-            "output_directory": "///////test",  # This should be normalized
-        }
-
-        serializer = S3ConfigSerializer(data=data)
-        assert serializer.is_valid()
-
-        validated_data = serializer.validated_data
-        assert validated_data["bucket_name"] == "my-test-bucket"
-        assert validated_data["output_directory"] == "test"  # Normalized
-
-    def test_s3_config_serializer_invalid_data(self):
-        """Test the full S3ConfigSerializer with invalid data."""
-        data = {
-            "bucket_name": "my-test-bucket",
-            "output_directory": "test<invalid",  # Contains invalid character
-        }
-
-        serializer = S3ConfigSerializer(data=data)
-        assert not serializer.is_valid()
-        assert "output_directory" in serializer.errors
@@ -131,21 +131,6 @@ class TestInitializeProwlerProvider:
        initialize_prowler_provider(provider)
        mock_return_prowler_provider.return_value.assert_called_once_with(key="value")

-    @patch("api.utils.return_prowler_provider")
-    def test_initialize_prowler_provider_with_mutelist(
-        self, mock_return_prowler_provider
-    ):
-        provider = MagicMock()
-        provider.secret.secret = {"key": "value"}
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-        mock_return_prowler_provider.return_value = MagicMock()
-
-        initialize_prowler_provider(provider, mutelist_processor)
-        mock_return_prowler_provider.return_value.assert_called_once_with(
-            key="value", mutelist_content={"key": "value"}
-        )
-

 class TestProwlerProviderConnectionTest:
    @patch("api.utils.return_prowler_provider")
@@ -215,25 +200,6 @@ class TestGetProwlerProviderKwargs:
        expected_result = {**secret_dict, **expected_extra_kwargs}
        assert result == expected_result

-    def test_get_prowler_provider_kwargs_with_mutelist(self):
-        provider_uid = "provider_uid"
-        secret_dict = {"key": "value"}
-        secret_mock = MagicMock()
-        secret_mock.secret = secret_dict
-
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-
-        provider = MagicMock()
-        provider.provider = Provider.ProviderChoices.AWS.value
-        provider.secret = secret_mock
-        provider.uid = provider_uid
-
-        result = get_prowler_provider_kwargs(provider, mutelist_processor)
-
-        expected_result = {**secret_dict, "mutelist_content": {"key": "value"}}
-        assert result == expected_result
-
    def test_get_prowler_provider_kwargs_unsupported_provider(self):
        # Setup
        provider_uid = "provider_uid"
@@ -288,7 +254,7 @@ class TestValidateInvitation:

            assert result == invitation
            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="user@example.com"
+                token="VALID_TOKEN", email="user@example.com"
            )

    def test_invitation_not_found_raises_validation_error(self):
@@ -303,7 +269,7 @@ class TestValidateInvitation:
                "invitation_token": "Invalid invitation code."
            }
            mock_db.get.assert_called_once_with(
-                token="INVALID_TOKEN", email__iexact="user@example.com"
+                token="INVALID_TOKEN", email="user@example.com"
            )

    def test_invitation_not_found_raises_not_found(self):
@@ -318,7 +284,7 @@ class TestValidateInvitation:

            assert exc_info.value.detail == "Invitation is not valid."
            mock_db.get.assert_called_once_with(
-                token="INVALID_TOKEN", email__iexact="user@example.com"
+                token="INVALID_TOKEN", email="user@example.com"
            )

    def test_invitation_expired(self, invitation):
@@ -366,27 +332,5 @@ class TestValidateInvitation:
                "invitation_token": "Invalid invitation code."
            }
            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="different@example.com"
-            )
-
-    def test_valid_invitation_uppercase_email(self):
-        """Test that validate_invitation works with case-insensitive email lookup."""
-        uppercase_email = "USER@example.com"
-
-        invitation = MagicMock(spec=Invitation)
-        invitation.token = "VALID_TOKEN"
-        invitation.email = uppercase_email
-        invitation.expires_at = datetime.now(timezone.utc) + timedelta(days=1)
-        invitation.state = Invitation.State.PENDING
-        invitation.tenant = MagicMock()
-
-        with patch("api.utils.Invitation.objects.using") as mock_using:
-            mock_db = mock_using.return_value
-            mock_db.get.return_value = invitation
-
-            result = validate_invitation("VALID_TOKEN", "user@example.com")
-
-            assert result == invitation
-            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="user@example.com"
+                token="VALID_TOKEN", email="different@example.com"
            )
@@ -7,14 +7,12 @@ from rest_framework.exceptions import NotFound, ValidationError

 from api.db_router import MainRouter
 from api.exceptions import InvitationTokenExpiredException
-from api.models import Integration, Invitation, Processor, Provider, Resource
+from api.models import Invitation, Provider, Resource
 from api.v1.serializers import FindingMetadataSerializer
 from prowler.providers.aws.aws_provider import AwsProvider
-from prowler.providers.aws.lib.s3.s3 import S3
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
-from prowler.providers.github.github_provider import GithubProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider

@@ -57,21 +55,14 @@ def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:

 def return_prowler_provider(
    provider: Provider,
-) -> [
-    AwsProvider
-    | AzureProvider
-    | GcpProvider
-    | GithubProvider
-    | KubernetesProvider
-    | M365Provider
-]:
+) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider]:
    """Return the Prowler provider class based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -87,21 +78,16 @@ def return_prowler_provider(
            prowler_provider = KubernetesProvider
        case Provider.ProviderChoices.M365.value:
            prowler_provider = M365Provider
-        case Provider.ProviderChoices.GITHUB.value:
-            prowler_provider = GithubProvider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider


-def get_prowler_provider_kwargs(
-    provider: Provider, mutelist_processor: Processor | None = None
-) -> dict:
+def get_prowler_provider_kwargs(provider: Provider) -> dict:
    """Get the Prowler provider kwargs based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secret.
-        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
        dict: The provider kwargs for the corresponding provider class.
@@ -119,39 +105,24 @@ def get_prowler_provider_kwargs(
        }
    elif provider.provider == Provider.ProviderChoices.KUBERNETES.value:
        prowler_provider_kwargs = {**prowler_provider_kwargs, "context": provider.uid}
-
-    if mutelist_processor:
-        mutelist_content = mutelist_processor.configuration.get("Mutelist", {})
-        if mutelist_content:
-            prowler_provider_kwargs["mutelist_content"] = mutelist_content
-
    return prowler_provider_kwargs


 def initialize_prowler_provider(
    provider: Provider,
-    mutelist_processor: Processor | None = None,
-) -> (
-    AwsProvider
-    | AzureProvider
-    | GcpProvider
-    | GithubProvider
-    | KubernetesProvider
-    | M365Provider
-):
+) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider:
    """Initialize a Prowler provider instance based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.
-        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
-    prowler_provider_kwargs = get_prowler_provider_kwargs(provider, mutelist_processor)
+    prowler_provider_kwargs = get_prowler_provider_kwargs(provider)
    return prowler_provider(**prowler_provider_kwargs)


@@ -176,37 +147,6 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
    )


-def prowler_integration_connection_test(integration: Integration) -> Connection:
-    """Test the connection to a Prowler integration based on the given integration type.
-
-    Args:
-        integration (Integration): The integration object containing the integration type and associated credentials.
-
-    Returns:
-        Connection: A connection object representing the result of the connection test for the specified integration.
-    """
-    if integration.integration_type == Integration.IntegrationChoices.AMAZON_S3:
-        return S3.test_connection(
-            **integration.credentials,
-            bucket_name=integration.configuration["bucket_name"],
-            raise_on_exception=False,
-        )
-    # TODO: It is possible that we can unify the connection test for all integrations, but need refactoring
-    # to avoid code duplication. Actually the AWS integrations are similar, so SecurityHub and S3 can be unified making some changes in the SDK.
-    elif (
-        integration.integration_type == Integration.IntegrationChoices.AWS_SECURITY_HUB
-    ):
-        pass
-    elif integration.integration_type == Integration.IntegrationChoices.JIRA:
-        pass
-    elif integration.integration_type == Integration.IntegrationChoices.SLACK:
-        pass
-    else:
-        raise ValueError(
-            f"Integration type {integration.integration_type} not supported"
-        )
-
-
 def validate_invitation(
    invitation_token: str, email: str, raise_not_found=False
 ) -> Invitation:
@@ -247,7 +187,7 @@ def validate_invitation(
        # Admin DB connector is used to bypass RLS protection since the invitation belongs to a tenant the user
        # is not a member of yet
        invitation = Invitation.objects.using(MainRouter.admin_db).get(
-            token=invitation_token, email__iexact=email
+            token=invitation_token, email=email
        )
    except Invitation.DoesNotExist:
        if raise_not_found:
@@ -24,32 +24,20 @@ class PaginateByPkMixin:
        request,  # noqa: F841
        base_queryset,
        manager,
-        select_related: list | None = None,
-        prefetch_related: list | None = None,
+        select_related: list[str] | None = None,
+        prefetch_related: list[str] | None = None,
    ) -> Response:
-        """
-        Paginate a queryset by primary key.
-
-        This method is useful when you want to paginate a queryset that has been
-        filtered or annotated in a way that would be lost if you used the default
-        pagination method.
-        """
        pk_list = base_queryset.values_list("id", flat=True)
        page = self.paginate_queryset(pk_list)
        if page is None:
            return Response(self.get_serializer(base_queryset, many=True).data)

        queryset = manager.filter(id__in=page)
-
        if select_related:
            queryset = queryset.select_related(*select_related)
        if prefetch_related:
            queryset = queryset.prefetch_related(*prefetch_related)

-        # Optimize tags loading, if applicable
-        if hasattr(self, "_optimize_tags_loading"):
-            queryset = self._optimize_tags_loading(queryset)
-
        queryset = sorted(queryset, key=lambda obj: page.index(obj.id))

        serialized = self.get_serializer(queryset, many=True).data
@@ -1,23 +0,0 @@
-import yaml
-from rest_framework_json_api import serializers
-from rest_framework_json_api.serializers import ValidationError
-
-
-class BaseValidateSerializer(serializers.Serializer):
-    def validate(self, data):
-        if hasattr(self, "initial_data"):
-            initial_data = set(self.initial_data.keys()) - {"id", "type"}
-            unknown_keys = initial_data - set(self.fields.keys())
-            if unknown_keys:
-                raise ValidationError(f"Invalid fields: {unknown_keys}")
-        return data
-
-
-class YamlOrJsonField(serializers.JSONField):
-    def to_internal_value(self, data):
-        if isinstance(data, str):
-            try:
-                data = yaml.safe_load(data)
-            except yaml.YAMLError as exc:
-                raise serializers.ValidationError("Invalid YAML format") from exc
-        return super().to_internal_value(data)
@@ -1,52 +1,24 @@
-import os
-import re
-
 from drf_spectacular.utils import extend_schema_field
 from rest_framework_json_api import serializers
+from rest_framework_json_api.serializers import ValidationError

-from api.v1.serializer_utils.base import BaseValidateSerializer
+
+class BaseValidateSerializer(serializers.Serializer):
+    def validate(self, data):
+        if hasattr(self, "initial_data"):
+            initial_data = set(self.initial_data.keys()) - {"id", "type"}
+            unknown_keys = initial_data - set(self.fields.keys())
+            if unknown_keys:
+                raise ValidationError(f"Invalid fields: {unknown_keys}")
+        return data
+
+
+# Integrations


 class S3ConfigSerializer(BaseValidateSerializer):
    bucket_name = serializers.CharField()
-    output_directory = serializers.CharField(allow_blank=True)
-
-    def validate_output_directory(self, value):
-        """
-        Validate the output_directory field to ensure it's a properly formatted path.
-        Prevents paths with excessive slashes like "///////test".
-        If empty, sets a default value.
-        """
-        # If empty or None, set default value
-        if not value:
-            return "output"
-
-        # Normalize the path to remove excessive slashes
-        normalized_path = os.path.normpath(value)
-
-        # Remove leading slashes for S3 paths
-        if normalized_path.startswith("/"):
-            normalized_path = normalized_path.lstrip("/")
-
-        # Check for invalid characters or patterns
-        if re.search(r'[<>:"|?*]', normalized_path):
-            raise serializers.ValidationError(
-                'Output directory contains invalid characters. Avoid: < > : " | ? *'
-            )
-
-        # Check for empty path after normalization
-        if not normalized_path or normalized_path == ".":
-            raise serializers.ValidationError(
-                "Output directory cannot be empty or just '.' or '/'."
-            )
-
-        # Check for paths that are too long (S3 key limit is 1024 characters, leave some room for filename)
-        if len(normalized_path) > 900:
-            raise serializers.ValidationError(
-                "Output directory path is too long (max 900 characters)."
-            )
-
-        return normalized_path
+    output_directory = serializers.CharField()

    class Meta:
        resource_name = "integrations"
@@ -138,13 +110,10 @@ class IntegrationCredentialField(serializers.JSONField):
                    },
                    "output_directory": {
                        "type": "string",
-                        "description": 'The directory path within the bucket where files will be saved. Optional - defaults to "output" if not provided. Path will be normalized to remove excessive slashes and invalid characters are not allowed (< > : " | ? *). Maximum length is 900 characters.',
-                        "maxLength": 900,
-                        "pattern": '^[^<>:"|?*]+$',
-                        "default": "output",
+                        "description": "The directory path within the bucket where files will be saved.",
                    },
                },
-                "required": ["bucket_name"],
+                "required": ["bucket_name", "output_directory"],
            },
        ]
    }
@@ -1,21 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-
-from api.v1.serializer_utils.base import YamlOrJsonField
-
-from prowler.lib.mutelist.mutelist import mutelist_schema
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "Mutelist",
-                "properties": {"Mutelist": mutelist_schema},
-                "additionalProperties": False,
-            },
-        ]
-    }
-)
-class ProcessorConfigField(YamlOrJsonField):
-    pass
@@ -176,43 +176,6 @@ from rest_framework_json_api import serializers
                },
                "required": ["kubeconfig_content"],
            },
-            {
-                "type": "object",
-                "title": "GitHub Personal Access Token",
-                "properties": {
-                    "personal_access_token": {
-                        "type": "string",
-                        "description": "GitHub personal access token for authentication.",
-                    }
-                },
-                "required": ["personal_access_token"],
-            },
-            {
-                "type": "object",
-                "title": "GitHub OAuth App Token",
-                "properties": {
-                    "oauth_app_token": {
-                        "type": "string",
-                        "description": "GitHub OAuth App token for authentication.",
-                    }
-                },
-                "required": ["oauth_app_token"],
-            },
-            {
-                "type": "object",
-                "title": "GitHub App Credentials",
-                "properties": {
-                    "github_app_id": {
-                        "type": "integer",
-                        "description": "GitHub App ID for authentication.",
-                    },
-                    "github_app_key": {
-                        "type": "string",
-                        "description": "Path to the GitHub App private key file.",
-                    },
-                },
-                "required": ["github_app_id", "github_app_key"],
-            },
        ]
    }
 )
@@ -7,9 +7,7 @@ from django.contrib.auth.models import update_last_login
 from django.contrib.auth.password_validation import validate_password
 from drf_spectacular.utils import extend_schema_field
 from jwt.exceptions import InvalidKeyError
-from rest_framework.validators import UniqueTogetherValidator
 from rest_framework_json_api import serializers
-from rest_framework_json_api.relations import SerializerMethodResourceRelatedField
 from rest_framework_json_api.serializers import ValidationError
 from rest_framework_simplejwt.exceptions import TokenError
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
@@ -23,7 +21,6 @@ from api.models import (
    InvitationRoleRelationship,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
@@ -47,9 +44,7 @@ from api.v1.serializer_utils.integrations import (
    IntegrationCredentialField,
    S3ConfigSerializer,
 )
-from api.v1.serializer_utils.processors import ProcessorConfigField
 from api.v1.serializer_utils.providers import ProviderSecretField
-from prowler.lib.mutelist.mutelist import Mutelist

 # Tokens

@@ -135,12 +130,6 @@ class TokenSerializer(BaseTokenSerializer):

 class TokenSocialLoginSerializer(BaseTokenSerializer):
    email = serializers.EmailField(write_only=True)
-    tenant_id = serializers.UUIDField(
-        write_only=True,
-        required=False,
-        help_text="If not provided, the tenant ID of the first membership that was added"
-        " to the user will be used.",
-    )

    # Output tokens
    refresh = serializers.CharField(read_only=True)
@@ -862,7 +851,6 @@ class ScanSerializer(RLSSerializer):
            "completed_at",
            "scheduled_at",
            "next_scan_at",
-            "processor",
            "url",
        ]

@@ -1000,12 +988,8 @@ class ResourceSerializer(RLSSerializer):

    tags = serializers.SerializerMethodField()
    type_ = serializers.CharField(read_only=True)
-    failed_findings_count = serializers.IntegerField(read_only=True)

-    findings = SerializerMethodResourceRelatedField(
-        many=True,
-        read_only=True,
-    )
+    findings = serializers.ResourceRelatedField(many=True, read_only=True)

    class Meta:
        model = Resource
@@ -1021,7 +1005,6 @@ class ResourceSerializer(RLSSerializer):
            "tags",
            "provider",
            "findings",
-            "failed_findings_count",
            "url",
        ]
        extra_kwargs = {
@@ -1031,8 +1014,8 @@ class ResourceSerializer(RLSSerializer):
        }

    included_serializers = {
-        "findings": "api.v1.serializers.FindingIncludeSerializer",
-        "provider": "api.v1.serializers.ProviderIncludeSerializer",
+        "findings": "api.v1.serializers.FindingSerializer",
+        "provider": "api.v1.serializers.ProviderSerializer",
    }

    @extend_schema_field(
@@ -1043,10 +1026,6 @@ class ResourceSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        # Use prefetched tags if available to avoid N+1 queries
-        if hasattr(obj, "prefetched_tags"):
-            return {tag.key: tag.value for tag in obj.prefetched_tags}
-        # Fallback to the original method if prefetch is not available
        return obj.get_tags(self.context.get("tenant_id"))

    def get_fields(self):
@@ -1056,17 +1035,10 @@ class ResourceSerializer(RLSSerializer):
        fields["type"] = type_
        return fields

-    def get_findings(self, obj):
-        return (
-            obj.latest_findings
-            if hasattr(obj, "latest_findings")
-            else obj.findings.all()
-        )
-

 class ResourceIncludeSerializer(RLSSerializer):
    """
-    Serializer for the included Resource model.
+    Serializer for the Resource model.
    """

    tags = serializers.SerializerMethodField()
@@ -1099,10 +1071,6 @@ class ResourceIncludeSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        # Use prefetched tags if available to avoid N+1 queries
-        if hasattr(obj, "prefetched_tags"):
-            return {tag.key: tag.value for tag in obj.prefetched_tags}
-        # Fallback to the original method if prefetch is not available
        return obj.get_tags(self.context.get("tenant_id"))

    def get_fields(self):
@@ -1113,17 +1081,6 @@ class ResourceIncludeSerializer(RLSSerializer):
        return fields


-class ResourceMetadataSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    types = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    # Temporarily disabled until we implement tag filtering in the UI
-    # tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")
-
-    class Meta:
-        resource_name = "resources-metadata"
-
-
 class FindingSerializer(RLSSerializer):
    """
    Serializer for the Finding model.
@@ -1147,7 +1104,6 @@ class FindingSerializer(RLSSerializer):
            "updated_at",
            "first_seen_at",
            "muted",
-            "muted_reason",
            "url",
            # Relationships
            "scan",
@@ -1160,28 +1116,6 @@ class FindingSerializer(RLSSerializer):
    }


-class FindingIncludeSerializer(RLSSerializer):
-    """
-    Serializer for the include Finding model.
-    """
-
-    class Meta:
-        model = Finding
-        fields = [
-            "id",
-            "uid",
-            "status",
-            "severity",
-            "check_id",
-            "check_metadata",
-            "inserted_at",
-            "updated_at",
-            "first_seen_at",
-            "muted",
-            "muted_reason",
-        ]
-
-
 # To be removed when the related endpoint is removed as well
 class FindingDynamicFilterSerializer(serializers.Serializer):
    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
@@ -1217,8 +1151,6 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = AzureProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.GCP.value:
                serializer = GCPProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.GITHUB.value:
-                serializer = GithubProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.KUBERNETES.value:
                serializer = KubernetesProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.M365.value:
@@ -1268,8 +1200,8 @@ class M365ProviderSecret(serializers.Serializer):
    client_id = serializers.CharField()
    client_secret = serializers.CharField()
    tenant_id = serializers.CharField()
-    user = serializers.EmailField(required=False)
-    password = serializers.CharField(required=False)
+    user = serializers.EmailField()
+    password = serializers.CharField()

    class Meta:
        resource_name = "provider-secrets"
@@ -1298,16 +1230,6 @@ class KubernetesProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class GithubProviderSecret(serializers.Serializer):
-    personal_access_token = serializers.CharField(required=False)
-    oauth_app_token = serializers.CharField(required=False)
-    github_app_id = serializers.IntegerField(required=False)
-    github_app_key_content = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
    external_id = serializers.CharField()
@@ -1387,13 +1309,12 @@ class ProviderSecretUpdateSerializer(BaseWriteProviderSecretSerializer):
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
            "provider": {"read_only": True},
-            "secret_type": {"required": False},
+            "secret_type": {"read_only": True},
        }

    def validate(self, attrs):
        provider = self.instance.provider
-        # To allow updating a secret with the same type without making the `secret_type` mandatory
-        secret_type = attrs.get("secret_type") or self.instance.secret_type
+        secret_type = self.instance.secret_type
        secret = attrs.get("secret")

        validated_attrs = super().validate(attrs)
@@ -1950,16 +1871,6 @@ class ScheduleDailyCreateSerializer(serializers.Serializer):


 class BaseWriteIntegrationSerializer(BaseWriteSerializer):
-    def validate(self, attrs):
-        if Integration.objects.filter(
-            configuration=attrs.get("configuration")
-        ).exists():
-            raise serializers.ValidationError(
-                {"name": "This integration already exists."}
-            )
-
-        return super().validate(attrs)
-
    @staticmethod
    def validate_integration_data(
        integration_type: str,
@@ -1967,7 +1878,7 @@ class BaseWriteIntegrationSerializer(BaseWriteSerializer):
        configuration: dict,
        credentials: dict,
    ):
-        if integration_type == Integration.IntegrationChoices.AMAZON_S3:
+        if integration_type == Integration.IntegrationChoices.S3:
            config_serializer = S3ConfigSerializer
            credentials_serializers = [AWSCredentialSerializer]
            # TODO: This will be required for AWS Security Hub
@@ -1985,11 +1896,7 @@ class BaseWriteIntegrationSerializer(BaseWriteSerializer):
                }
            )

-        serializer_instance = config_serializer(data=configuration)
-        serializer_instance.is_valid(raise_exception=True)
-
-        # Apply the validated (and potentially transformed) data back to configuration
-        configuration.update(serializer_instance.validated_data)
+        config_serializer(data=configuration).is_valid(raise_exception=True)

        for cred_serializer in credentials_serializers:
            try:
@@ -2068,6 +1975,7 @@ class IntegrationCreateSerializer(BaseWriteIntegrationSerializer):
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
            "connected": {"read_only": True},
+            "enabled": {"read_only": True},
            "connection_last_checked_at": {"read_only": True},
        }

@@ -2077,10 +1985,10 @@ class IntegrationCreateSerializer(BaseWriteIntegrationSerializer):
        configuration = attrs.get("configuration")
        credentials = attrs.get("credentials")

+        validated_attrs = super().validate(attrs)
        self.validate_integration_data(
            integration_type, providers, configuration, credentials
        )
-        validated_attrs = super().validate(attrs)
        return validated_attrs

    def create(self, validated_data):
@@ -2131,7 +2039,6 @@ class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
        }

    def validate(self, attrs):
-        super().validate(attrs)
        integration_type = self.instance.integration_type
        providers = attrs.get("providers")
        configuration = attrs.get("configuration") or self.instance.configuration
@@ -2158,128 +2065,6 @@ class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
        return super().update(instance, validated_data)


-# Processors
-
-
-class ProcessorSerializer(RLSSerializer):
-    """
-    Serializer for the Processor model.
-    """
-
-    configuration = ProcessorConfigField()
-
-    class Meta:
-        model = Processor
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "processor_type",
-            "configuration",
-            "url",
-        ]
-
-
-class ProcessorCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    configuration = ProcessorConfigField(required=True)
-
-    class Meta:
-        model = Processor
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "processor_type",
-            "configuration",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-        validators = [
-            UniqueTogetherValidator(
-                queryset=Processor.objects.all(),
-                fields=["processor_type"],
-                message="A processor with the same type already exists.",
-            )
-        ]
-
-    def validate(self, attrs):
-        validated_attrs = super().validate(attrs)
-        self.validate_processor_data(attrs)
-        return validated_attrs
-
-    def validate_processor_data(self, attrs):
-        processor_type = attrs.get("processor_type")
-        configuration = attrs.get("configuration")
-        if processor_type == "mutelist":
-            self.validate_mutelist_configuration(configuration)
-
-    def validate_mutelist_configuration(self, configuration):
-        if not isinstance(configuration, dict):
-            raise serializers.ValidationError("Invalid Mutelist configuration.")
-
-        mutelist_configuration = configuration.get("Mutelist", {})
-
-        if not mutelist_configuration:
-            raise serializers.ValidationError(
-                "Invalid Mutelist configuration: 'Mutelist' is a required property."
-            )
-
-        try:
-            Mutelist.validate_mutelist(mutelist_configuration, raise_on_exception=True)
-            return
-        except Exception as error:
-            raise serializers.ValidationError(
-                f"Invalid Mutelist configuration: {error}"
-            )
-
-
-class ProcessorUpdateSerializer(BaseWriteSerializer):
-    configuration = ProcessorConfigField(required=True)
-
-    class Meta:
-        model = Processor
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "configuration",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        validated_attrs = super().validate(attrs)
-        self.validate_processor_data(attrs)
-        return validated_attrs
-
-    def validate_processor_data(self, attrs):
-        processor_type = self.instance.processor_type
-        configuration = attrs.get("configuration")
-        if processor_type == "mutelist":
-            self.validate_mutelist_configuration(configuration)
-
-    def validate_mutelist_configuration(self, configuration):
-        if not isinstance(configuration, dict):
-            raise serializers.ValidationError("Invalid Mutelist configuration.")
-
-        mutelist_configuration = configuration.get("Mutelist", {})
-
-        if not mutelist_configuration:
-            raise serializers.ValidationError(
-                "Invalid Mutelist configuration: 'Mutelist' is a required property."
-            )
-
-        try:
-            Mutelist.validate_mutelist(mutelist_configuration, raise_on_exception=True)
-            return
-        except Exception as error:
-            raise serializers.ValidationError(
-                f"Invalid Mutelist configuration: {error}"
-            )
-
-
 # SSO


@@ -1,11 +1,9 @@
-from allauth.socialaccount.providers.saml.views import ACSView, MetadataView, SLSView
 from django.urls import include, path
 from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers

 from api.v1.views import (
    ComplianceOverviewViewSet,
-    CustomSAMLLoginView,
    CustomTokenObtainView,
    CustomTokenRefreshView,
    CustomTokenSwitchTenantView,
@@ -18,7 +16,6 @@ from api.v1.views import (
    LighthouseConfigViewSet,
    MembershipViewSet,
    OverviewViewSet,
-    ProcessorViewSet,
    ProviderGroupProvidersRelationshipView,
    ProviderGroupViewSet,
    ProviderSecretViewSet,
@@ -28,7 +25,6 @@ from api.v1.views import (
    RoleViewSet,
    SAMLConfigurationViewSet,
    SAMLInitiateAPIView,
-    SAMLTokenValidateView,
    ScanViewSet,
    ScheduleViewSet,
    SchemaView,
@@ -57,7 +53,6 @@ router.register(
 router.register(r"overviews", OverviewViewSet, basename="overview")
 router.register(r"schedules", ScheduleViewSet, basename="schedule")
 router.register(r"integrations", IntegrationViewSet, basename="integration")
-router.register(r"processors", ProcessorViewSet, basename="processor")
 router.register(r"saml-config", SAMLConfigurationViewSet, basename="saml-config")
 router.register(
    r"lighthouse-configurations",
@@ -131,32 +126,13 @@ urlpatterns = [
    path(
        "auth/saml/initiate/", SAMLInitiateAPIView.as_view(), name="api_saml_initiate"
    ),
+    # Allauth SAML endpoints for tenants
+    path("accounts/", include("allauth.urls")),
    path(
-        "accounts/saml/<organization_slug>/login/",
-        CustomSAMLLoginView.as_view(),
-        name="saml_login",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/acs/",
-        ACSView.as_view(),
-        name="saml_acs",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/acs/finish/",
+        "api/v1/accounts/saml/<organization_slug>/acs/finish/",
        TenantFinishACSView.as_view(),
        name="saml_finish_acs",
    ),
-    path(
-        "accounts/saml/<organization_slug>/sls/",
-        SLSView.as_view(),
-        name="saml_sls",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/metadata/",
-        MetadataView.as_view(),
-        name="saml_metadata",
-    ),
-    path("tokens/saml", SAMLTokenValidateView.as_view(), name="token-saml"),
    path("tokens/google", GoogleSocialLoginView.as_view(), name="token-google"),
    path("tokens/github", GithubSocialLoginView.as_view(), name="token-github"),
    path("", include(router.urls)),
@@ -1,17 +1,14 @@
 import glob
-import logging
 import os
 from datetime import datetime, timedelta, timezone
-from urllib.parse import urljoin

 import sentry_sdk
 from allauth.socialaccount.models import SocialAccount, SocialApp
 from allauth.socialaccount.providers.github.views import GitHubOAuth2Adapter
 from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
-from allauth.socialaccount.providers.saml.views import FinishACSView, LoginView
+from allauth.socialaccount.providers.saml.views import FinishACSView
 from botocore.exceptions import ClientError, NoCredentialsError, ParamValidationError
 from celery.result import AsyncResult
-from config.custom_logging import BackendLogger
 from config.env import env
 from config.settings.social_login import (
    GITHUB_OAUTH_CALLBACK_URL,
@@ -22,9 +19,9 @@ from django.conf import settings as django_settings
 from django.contrib.postgres.aggregates import ArrayAgg
 from django.contrib.postgres.search import SearchQuery
 from django.db import transaction
-from django.db.models import Count, F, Prefetch, Q, Subquery, Sum
+from django.db.models import Count, Exists, F, OuterRef, Prefetch, Q, Sum
 from django.db.models.functions import Coalesce
-from django.http import HttpResponse
+from django.http import HttpResponse, JsonResponse
 from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.dateparse import parse_date
@@ -57,7 +54,6 @@ from tasks.beat import schedule_provider_scan
 from tasks.jobs.export import get_s3_client
 from tasks.tasks import (
    backfill_scan_resource_summaries_task,
-    check_integration_connection_task,
    check_lighthouse_connection_task,
    check_provider_connection_task,
    delete_provider_task,
@@ -79,9 +75,7 @@ from api.filters import (
    IntegrationFilter,
    InvitationFilter,
    LatestFindingFilter,
-    LatestResourceFilter,
    MembershipFilter,
-    ProcessorFilter,
    ProviderFilter,
    ProviderGroupFilter,
    ProviderSecretFilter,
@@ -95,13 +89,13 @@ from api.filters import (
    UserFilter,
 )
 from api.models import (
+    ComplianceOverview,
    ComplianceRequirementOverview,
    Finding,
    Integration,
    Invitation,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
@@ -109,12 +103,10 @@ from api.models import (
    Resource,
    ResourceFindingMapping,
    ResourceScanSummary,
-    ResourceTag,
    Role,
    RoleProviderGroupRelationship,
    SAMLConfiguration,
    SAMLDomainIndex,
-    SAMLToken,
    Scan,
    ScanSummary,
    SeverityChoices,
@@ -156,9 +148,6 @@ from api.v1.serializers import (
    OverviewProviderSerializer,
    OverviewServiceSerializer,
    OverviewSeveritySerializer,
-    ProcessorCreateSerializer,
-    ProcessorSerializer,
-    ProcessorUpdateSerializer,
    ProviderCreateSerializer,
    ProviderGroupCreateSerializer,
    ProviderGroupMembershipSerializer,
@@ -169,7 +158,6 @@ from api.v1.serializers import (
    ProviderSecretUpdateSerializer,
    ProviderSerializer,
    ProviderUpdateSerializer,
-    ResourceMetadataSerializer,
    ResourceSerializer,
    RoleCreateSerializer,
    RoleProviderGroupRelationshipSerializer,
@@ -195,8 +183,6 @@ from api.v1.serializers import (
    UserUpdateSerializer,
 )

-logger = logging.getLogger(BackendLogger.API)
-
 CACHE_DECORATOR = cache_control(
    max_age=django_settings.CACHE_MAX_AGE,
    stale_while_revalidate=django_settings.CACHE_STALE_WHILE_REVALIDATE,
@@ -293,7 +279,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.11.1"
+        spectacular_settings.VERSION = "1.9.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -359,11 +345,6 @@ class SchemaView(SpectacularAPIView):
                "description": "Endpoints for managing Lighthouse configurations, including creation, retrieval, "
                "updating, and deletion of configurations such as OpenAI keys, models, and business context.",
            },
-            {
-                "name": "Processor",
-                "description": "Endpoints for managing post-processors used to process Prowler findings, including "
-                "registration, configuration, and deletion of post-processing actions.",
-            },
        ]
        return super().get(request, *args, **kwargs)

@@ -420,68 +401,17 @@ class GithubSocialLoginView(SocialLoginView):
        return original_response


-@extend_schema(exclude=True)
-class SAMLTokenValidateView(GenericAPIView):
-    resource_name = "tokens"
-    http_method_names = ["post"]
-
-    def post(self, request):
-        token_id = request.query_params.get("id", "invalid")
-        try:
-            saml_token = SAMLToken.objects.using(MainRouter.admin_db).get(id=token_id)
-        except SAMLToken.DoesNotExist:
-            return Response({"detail": "Invalid token ID."}, status=404)
-
-        if saml_token.is_expired():
-            return Response({"detail": "Token expired."}, status=400)
-
-        token_data = saml_token.token
-        # Currently we don't store the tokens in the database, so we delete the token after use
-        saml_token.delete()
-
-        return Response(token_data, status=200)
-
-
-@extend_schema(exclude=True)
-class CustomSAMLLoginView(LoginView):
-    def dispatch(self, request, *args, **kwargs):
-        """
-        Convert GET requests to POST to bypass allauth's confirmation screen.
-
-        Why this is necessary:
-        - django-allauth requires POST for social logins to prevent open redirect attacks
-        - SAML login links typically use GET requests (e.g., <a href="...">)
-        - This conversion allows seamless login without user-facing confirmation
-
-        Security considerations:
-        1. Preserves CSRF protection: Original POST handling remains intact
-        2. Avoids global SOCIALACCOUNT_LOGIN_ON_GET=True which would:
-           - Enable GET logins for ALL providers (security risk)
-           - Potentially expose open redirect vulnerabilities
-        3. SAML payloads remain signed/encrypted regardless of HTTP method
-        4. No sensitive parameters are exposed in URLs (copied to POST body)
-
-        This approach maintains security while providing better UX.
-        """
-        if request.method == "GET":
-            # Convert GET to POST while preserving parameters
-            request.method = "POST"
-        return super().dispatch(request, *args, **kwargs)
-
-
@extend_schema(exclude=True)
 class SAMLInitiateAPIView(GenericAPIView):
    serializer_class = SamlInitiateSerializer
    permission_classes = []

    def post(self, request, *args, **kwargs):
-        # Validate the input payload and extract the domain
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        email = serializer.validated_data["email_domain"]
        domain = email.split("@", 1)[-1].lower()

-        # Retrieve the SAML configuration for the given email domain
        try:
            check = SAMLDomainIndex.objects.get(email_domain=domain)
            with rls_transaction(str(check.tenant_id)):
@@ -491,24 +421,20 @@ class SAMLInitiateAPIView(GenericAPIView):
                {"detail": "Unauthorized domain."}, status=status.HTTP_403_FORBIDDEN
            )

-        # Check certificates are not empty (TODO: Validate certificates)
-        # saml_public_cert = os.getenv("SAML_PUBLIC_CERT", "").strip()
-        # saml_private_key = os.getenv("SAML_PRIVATE_KEY", "").strip()
+        # Check certificates are not empty
+        saml_public_cert = os.getenv("SAML_PUBLIC_CERT", "").strip()
+        saml_private_key = os.getenv("SAML_PRIVATE_KEY", "").strip()

-        # if not saml_public_cert or not saml_private_key:
-        #     return Response(
-        #         {"detail": "SAML configuration is invalid: missing certificates."},
-        #         status=status.HTTP_403_FORBIDDEN,
-        #     )
+        if not saml_public_cert or not saml_private_key:
+            return Response(
+                {"detail": "SAML configuration is invalid: missing certificates."},
+                status=status.HTTP_403_FORBIDDEN,
+            )

-        # Build the SAML login URL using the configured API host
-        api_host = os.getenv("API_BASE_URL")
-        login_path = reverse(
+        saml_login_url = reverse(
            "saml_login", kwargs={"organization_slug": config.email_domain}
        )
-        login_url = urljoin(api_host, login_path)
-
-        return redirect(login_url)
+        return redirect(f"{saml_login_url}?email={email}")


@extend_schema_view(
@@ -566,64 +492,27 @@ class SAMLConfigurationViewSet(BaseRLSViewSet):


 class TenantFinishACSView(FinishACSView):
-    def _rollback_saml_user(self, request):
-        """Helper function to rollback SAML user if it was just created and validation fails"""
-        saml_user_id = request.session.get("saml_user_created")
-        if saml_user_id:
-            User.objects.using(MainRouter.admin_db).filter(id=saml_user_id).delete()
-            request.session.pop("saml_user_created", None)
-
    def dispatch(self, request, organization_slug):
-        try:
-            super().dispatch(request, organization_slug)
-        except Exception as e:
-            logger.error(f"SAML dispatch failed: {e}")
-            self._rollback_saml_user(request)
-            callback_url = env.str("AUTH_URL")
-            return redirect(f"{callback_url}?sso_saml_failed=true")
-
+        response = super().dispatch(request, organization_slug)
        user = getattr(request, "user", None)
        if not user or not user.is_authenticated:
-            self._rollback_saml_user(request)
-            callback_url = env.str("AUTH_URL")
-            return redirect(f"{callback_url}?sso_saml_failed=true")
+            return response

-        # Defensive check to avoid edge case failures due to inconsistent or incomplete data in the database
-        # This handles scenarios like partially deleted or missing related objects
        try:
-            check = SAMLDomainIndex.objects.get(email_domain=organization_slug)
-            with rls_transaction(str(check.tenant_id)):
-                SAMLConfiguration.objects.get(tenant_id=str(check.tenant_id))
            social_app = SocialApp.objects.get(
                provider="saml", client_id=organization_slug
            )
-            user_id = User.objects.get(email=str(user)).id
            social_account = SocialAccount.objects.get(
-                user=str(user_id), provider=social_app.provider_id
+                user=user, provider=social_app.provider
            )
-        except (
-            SAMLDomainIndex.DoesNotExist,
-            SAMLConfiguration.DoesNotExist,
-            SocialApp.DoesNotExist,
-            SocialAccount.DoesNotExist,
-            User.DoesNotExist,
-        ) as e:
-            logger.error(f"SAML user is not authenticated: {e}")
-            self._rollback_saml_user(request)
-            callback_url = env.str("AUTH_URL")
-            return redirect(f"{callback_url}?sso_saml_failed=true")
+        except (SocialApp.DoesNotExist, SocialAccount.DoesNotExist):
+            return response

        extra = social_account.extra_data
-        user.first_name = (
-            extra.get("firstName", [""])[0] if extra.get("firstName") else ""
-        )
-        user.last_name = extra.get("lastName", [""])[0] if extra.get("lastName") else ""
-        user.company_name = (
-            extra.get("organization", [""])[0] if extra.get("organization") else ""
-        )
+        user.first_name = extra.get("firstName", [""])[0]
+        user.last_name = extra.get("lastName", [""])[0]
+        user.company_name = extra.get("organization", [""])[0]
        user.name = f"{user.first_name} {user.last_name}".strip()
-        if user.name == "":
-            user.name = "N/A"
        user.save()

        email_domain = user.email.split("@")[-1]
@@ -632,11 +521,7 @@ class TenantFinishACSView(FinishACSView):
            .get(email_domain=email_domain)
            .tenant
        )
-        role_name = (
-            extra.get("userType", ["no_permissions"])[0].strip()
-            if extra.get("userType")
-            else "no_permissions"
-        )
+        role_name = extra.get("userType", ["saml_default_role"])[0].strip()
        try:
            role = Role.objects.using(MainRouter.admin_db).get(
                name=role_name, tenant=tenant
@@ -662,30 +547,15 @@ class TenantFinishACSView(FinishACSView):
            role=role,
            tenant_id=tenant.id,
        )
-        membership, _ = Membership.objects.using(MainRouter.admin_db).get_or_create(
-            user=user,
-            tenant=tenant,
-            defaults={
-                "user": user,
-                "tenant": tenant,
-                "role": Membership.RoleChoices.MEMBER,
-            },
-        )

-        serializer = TokenSocialLoginSerializer(
-            data={"email": user.email, "tenant_id": str(tenant.id)}
-        )
+        serializer = TokenSocialLoginSerializer(data={"email": user.email})
        serializer.is_valid(raise_exception=True)
-
-        token_data = serializer.validated_data
-        saml_token = SAMLToken.objects.using(MainRouter.admin_db).create(
-            token=token_data, user=user
+        return JsonResponse(
+            {
+                "type": "saml-social-tokens",
+                "attributes": serializer.validated_data,
+            }
        )
-        callback_url = env.str("SAML_SSO_CALLBACK_URL")
-        redirect_url = f"{callback_url}?id={saml_token.id}"
-        request.session.pop("saml_user_created", None)
-
-        return redirect(redirect_url)


@extend_schema_view(
@@ -1886,14 +1756,6 @@ class TaskViewSet(BaseRLSViewSet):
        summary="List all resources",
        description="Retrieve a list of all resources with options for filtering by various criteria. Resources are "
        "objects that are discovered by Prowler. They can be anything from a single host to a whole VPC.",
-        parameters=[
-            OpenApiParameter(
-                name="filter[updated_at]",
-                description="At least one of the variations of the `filter[updated_at]` filter must be provided.",
-                required=True,
-                type=OpenApiTypes.DATE,
-            )
-        ],
    ),
    retrieve=extend_schema(
        tags=["Resource"],
@@ -1901,43 +1763,15 @@ class TaskViewSet(BaseRLSViewSet):
        description="Fetch detailed information about a specific resource by their ID. A Resource is an object that "
        "is discovered by Prowler. It can be anything from a single host to a whole VPC.",
    ),
-    metadata=extend_schema(
-        tags=["Resource"],
-        summary="Retrieve metadata values from resources",
-        description="Fetch unique metadata values from a set of resources. This is useful for dynamic filtering.",
-        parameters=[
-            OpenApiParameter(
-                name="filter[updated_at]",
-                description="At least one of the variations of the `filter[updated_at]` filter must be provided.",
-                required=True,
-                type=OpenApiTypes.DATE,
-            )
-        ],
-        filters=True,
-    ),
-    latest=extend_schema(
-        tags=["Resource"],
-        summary="List the latest resources",
-        description="Retrieve a list of the latest resources from the latest scans for each provider with options for "
-        "filtering by various criteria.",
-        filters=True,
-    ),
-    metadata_latest=extend_schema(
-        tags=["Resource"],
-        summary="Retrieve metadata values from the latest resources",
-        description="Fetch unique metadata values from a set of resources from the latest scans for each provider. "
-        "This is useful for dynamic filtering.",
-        filters=True,
-    ),
 )
@method_decorator(CACHE_DECORATOR, name="list")
@method_decorator(CACHE_DECORATOR, name="retrieve")
-class ResourceViewSet(PaginateByPkMixin, BaseRLSViewSet):
-    queryset = Resource.all_objects.all()
+class ResourceViewSet(BaseRLSViewSet):
+    queryset = Resource.objects.all()
    serializer_class = ResourceSerializer
    http_method_names = ["get"]
    filterset_class = ResourceFilter
-    ordering = ["-failed_findings_count", "-updated_at"]
+    ordering = ["-inserted_at"]
    ordering_fields = [
        "provider_uid",
        "uid",
@@ -1948,14 +1782,6 @@ class ResourceViewSet(PaginateByPkMixin, BaseRLSViewSet):
        "inserted_at",
        "updated_at",
    ]
-    prefetch_for_includes = {
-        "__all__": [],
-        "provider": [
-            Prefetch(
-                "provider", queryset=Provider.all_objects.select_related("resources")
-            )
-        ],
-    }
    # RBAC required permissions (implicit -> MANAGE_PROVIDERS enable unlimited visibility or check the visibility of
    # the provider through the provider group)
    required_permissions = []
@@ -1964,284 +1790,41 @@ class ResourceViewSet(PaginateByPkMixin, BaseRLSViewSet):
        user_roles = get_role(self.request.user)
        if user_roles.unlimited_visibility:
            # User has unlimited visibility, return all scans
-            queryset = Resource.all_objects.filter(tenant_id=self.request.tenant_id)
+            queryset = Resource.objects.filter(tenant_id=self.request.tenant_id)
        else:
            # User lacks permission, filter providers based on provider groups associated with the role
-            queryset = Resource.all_objects.filter(
+            queryset = Resource.objects.filter(
                tenant_id=self.request.tenant_id, provider__in=get_providers(user_roles)
            )

        search_value = self.request.query_params.get("filter[search]", None)
        if search_value:
+            # Django's ORM will build a LEFT JOIN and OUTER JOIN on the "through" table, resulting in duplicates
+            # The duplicates then require a `distinct` query
            search_query = SearchQuery(
                search_value, config="simple", search_type="plain"
            )
            queryset = queryset.filter(
-                Q(text_search=search_query) | Q(tags__text_search=search_query)
+                Q(tags__key=search_value)
+                | Q(tags__value=search_value)
+                | Q(tags__text_search=search_query)
+                | Q(tags__key__contains=search_value)
+                | Q(tags__value__contains=search_value)
+                | Q(uid=search_value)
+                | Q(name=search_value)
+                | Q(region=search_value)
+                | Q(service=search_value)
+                | Q(type=search_value)
+                | Q(text_search=search_query)
+                | Q(uid__contains=search_value)
+                | Q(name__contains=search_value)
+                | Q(region__contains=search_value)
+                | Q(service__contains=search_value)
+                | Q(type__contains=search_value)
            ).distinct()

        return queryset

-    def _optimize_tags_loading(self, queryset):
-        """Optimize tags loading with prefetch_related to avoid N+1 queries"""
-        # Use prefetch_related to load all tags in a single query
-        return queryset.prefetch_related(
-            Prefetch(
-                "tags",
-                queryset=ResourceTag.objects.filter(
-                    tenant_id=self.request.tenant_id
-                ).select_related(),
-                to_attr="prefetched_tags",
-            )
-        )
-
-    def _should_prefetch_findings(self) -> bool:
-        fields_param = self.request.query_params.get("fields[resources]", "")
-        include_param = self.request.query_params.get("include", "")
-        return (
-            fields_param == ""
-            or "findings" in fields_param.split(",")
-            or "findings" in include_param.split(",")
-        )
-
-    def _get_findings_prefetch(self):
-        findings_queryset = Finding.all_objects.defer("scan", "resources").filter(
-            tenant_id=self.request.tenant_id
-        )
-        return [Prefetch("findings", queryset=findings_queryset)]
-
-    def get_serializer_class(self):
-        if self.action in ["metadata", "metadata_latest"]:
-            return ResourceMetadataSerializer
-        return super().get_serializer_class()
-
-    def get_filterset_class(self):
-        if self.action in ["latest", "metadata_latest"]:
-            return LatestResourceFilter
-        return ResourceFilter
-
-    def filter_queryset(self, queryset):
-        # Do not apply filters when retrieving specific resource
-        if self.action == "retrieve":
-            return queryset
-        return super().filter_queryset(queryset)
-
-    def list(self, request, *args, **kwargs):
-        filtered_queryset = self.filter_queryset(self.get_queryset())
-        return self.paginate_by_pk(
-            request,
-            filtered_queryset,
-            manager=Resource.all_objects,
-            select_related=["provider"],
-            prefetch_related=(
-                self._get_findings_prefetch()
-                if self._should_prefetch_findings()
-                else []
-            ),
-        )
-
-    def retrieve(self, request, *args, **kwargs):
-        queryset = self._optimize_tags_loading(self.get_queryset())
-        instance = get_object_or_404(queryset, pk=kwargs.get("pk"))
-        mapping_ids = list(
-            ResourceFindingMapping.objects.filter(
-                resource=instance, tenant_id=request.tenant_id
-            ).values_list("finding_id", flat=True)
-        )
-        latest_findings = (
-            Finding.all_objects.filter(id__in=mapping_ids, tenant_id=request.tenant_id)
-            .order_by("uid", "-inserted_at")
-            .distinct("uid")
-        )
-        setattr(instance, "latest_findings", latest_findings)
-        serializer = self.get_serializer(instance)
-        return Response(serializer.data, status=status.HTTP_200_OK)
-
-    @action(detail=False, methods=["get"], url_name="latest")
-    def latest(self, request):
-        tenant_id = request.tenant_id
-        filtered_queryset = self.filter_queryset(self.get_queryset())
-
-        latest_scans = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id,
-                state=StateChoices.COMPLETED,
-            )
-            .order_by("provider_id", "-inserted_at")
-            .distinct("provider_id")
-            .values("provider_id")
-        )
-
-        filtered_queryset = filtered_queryset.filter(
-            provider_id__in=Subquery(latest_scans)
-        )
-
-        return self.paginate_by_pk(
-            request,
-            filtered_queryset,
-            manager=Resource.all_objects,
-            select_related=["provider"],
-            prefetch_related=(
-                self._get_findings_prefetch()
-                if self._should_prefetch_findings()
-                else []
-            ),
-        )
-
-    @action(detail=False, methods=["get"], url_name="metadata")
-    def metadata(self, request):
-        # Force filter validation
-        self.filter_queryset(self.get_queryset())
-
-        tenant_id = request.tenant_id
-        query_params = request.query_params
-
-        queryset = ResourceScanSummary.objects.filter(tenant_id=tenant_id)
-
-        if scans := query_params.get("filter[scan__in]") or query_params.get(
-            "filter[scan]"
-        ):
-            queryset = queryset.filter(scan_id__in=scans.split(","))
-        else:
-            exact = query_params.get("filter[inserted_at]")
-            gte = query_params.get("filter[inserted_at__gte]")
-            lte = query_params.get("filter[inserted_at__lte]")
-
-            date_filters = {}
-            if exact:
-                date = parse_date(exact)
-                datetime_start = datetime.combine(
-                    date, datetime.min.time(), tzinfo=timezone.utc
-                )
-                datetime_end = datetime_start + timedelta(days=1)
-                date_filters["scan_id__gte"] = uuid7_start(
-                    datetime_to_uuid7(datetime_start)
-                )
-                date_filters["scan_id__lt"] = uuid7_start(
-                    datetime_to_uuid7(datetime_end)
-                )
-            else:
-                if gte:
-                    date_start = parse_date(gte)
-                    datetime_start = datetime.combine(
-                        date_start, datetime.min.time(), tzinfo=timezone.utc
-                    )
-                    date_filters["scan_id__gte"] = uuid7_start(
-                        datetime_to_uuid7(datetime_start)
-                    )
-                if lte:
-                    date_end = parse_date(lte)
-                    datetime_end = datetime.combine(
-                        date_end + timedelta(days=1),
-                        datetime.min.time(),
-                        tzinfo=timezone.utc,
-                    )
-                    date_filters["scan_id__lt"] = uuid7_start(
-                        datetime_to_uuid7(datetime_end)
-                    )
-
-            if date_filters:
-                queryset = queryset.filter(**date_filters)
-
-        if service_filter := query_params.get("filter[service]") or query_params.get(
-            "filter[service__in]"
-        ):
-            queryset = queryset.filter(service__in=service_filter.split(","))
-        if region_filter := query_params.get("filter[region]") or query_params.get(
-            "filter[region__in]"
-        ):
-            queryset = queryset.filter(region__in=region_filter.split(","))
-        if resource_type_filter := query_params.get("filter[type]") or query_params.get(
-            "filter[type__in]"
-        ):
-            queryset = queryset.filter(
-                resource_type__in=resource_type_filter.split(",")
-            )
-
-        services = list(
-            queryset.values_list("service", flat=True).distinct().order_by("service")
-        )
-        regions = list(
-            queryset.values_list("region", flat=True).distinct().order_by("region")
-        )
-        resource_types = list(
-            queryset.values_list("resource_type", flat=True)
-            .exclude(resource_type__isnull=True)
-            .exclude(resource_type__exact="")
-            .distinct()
-            .order_by("resource_type")
-        )
-
-        result = {
-            "services": services,
-            "regions": regions,
-            "types": resource_types,
-        }
-
-        serializer = self.get_serializer(data=result)
-        serializer.is_valid(raise_exception=True)
-        return Response(serializer.data)
-
-    @action(
-        detail=False,
-        methods=["get"],
-        url_name="metadata_latest",
-        url_path="metadata/latest",
-    )
-    def metadata_latest(self, request):
-        tenant_id = request.tenant_id
-        query_params = request.query_params
-
-        latest_scans_queryset = (
-            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
-            .order_by("provider_id", "-inserted_at")
-            .distinct("provider_id")
-        )
-
-        queryset = ResourceScanSummary.objects.filter(
-            tenant_id=tenant_id,
-            scan_id__in=latest_scans_queryset.values_list("id", flat=True),
-        )
-
-        if service_filter := query_params.get("filter[service]") or query_params.get(
-            "filter[service__in]"
-        ):
-            queryset = queryset.filter(service__in=service_filter.split(","))
-        if region_filter := query_params.get("filter[region]") or query_params.get(
-            "filter[region__in]"
-        ):
-            queryset = queryset.filter(region__in=region_filter.split(","))
-        if resource_type_filter := query_params.get("filter[type]") or query_params.get(
-            "filter[type__in]"
-        ):
-            queryset = queryset.filter(
-                resource_type__in=resource_type_filter.split(",")
-            )
-
-        services = list(
-            queryset.values_list("service", flat=True).distinct().order_by("service")
-        )
-        regions = list(
-            queryset.values_list("region", flat=True).distinct().order_by("region")
-        )
-        resource_types = list(
-            queryset.values_list("resource_type", flat=True)
-            .exclude(resource_type__isnull=True)
-            .exclude(resource_type__exact="")
-            .distinct()
-            .order_by("resource_type")
-        )
-
-        result = {
-            "services": services,
-            "regions": regions,
-            "types": resource_types,
-        }
-
-        serializer = self.get_serializer(data=result)
-        serializer.is_valid(raise_exception=True)
-        return Response(serializer.data)
-

@extend_schema_view(
    list=extend_schema(
@@ -2360,7 +1943,17 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):
                search_value, config="simple", search_type="plain"
            )

-            queryset = queryset.filter(text_search=search_query)
+            resource_match = Resource.all_objects.filter(
+                text_search=search_query,
+                id__in=ResourceFindingMapping.objects.filter(
+                    resource_id=OuterRef("pk"),
+                    tenant_id=tenant_id,
+                ).values("resource_id"),
+            )
+
+            queryset = queryset.filter(
+                Q(text_search=search_query) | Q(Exists(resource_match))
+            )

        return queryset

@@ -2463,12 +2056,9 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):

        # ToRemove: Temporary fallback mechanism
        if not queryset.exists():
-            raw_scans_ids = Scan.objects.filter(
+            scan_ids = Scan.objects.filter(
                tenant_id=tenant_id, **scan_based_filters
-            ).values_list("id", "unique_resource_count")
-            scan_ids = [
-                scan_id for scan_id, count in raw_scans_ids if count and count > 0
-            ]
+            ).values_list("id", flat=True)
            for scan_id in scan_ids:
                backfill_scan_resource_summaries_task.apply_async(
                    kwargs={"tenant_id": tenant_id, "scan_id": scan_id}
@@ -2554,12 +2144,7 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
        )
-        raw_latest_scans_ids = list(
-            latest_scans_queryset.values_list("id", "unique_resource_count")
-        )
-        latest_scans_ids = [
-            scan_id for scan_id, count in raw_latest_scans_ids if count and count > 0
-        ]
+        latest_scans_ids = list(latest_scans_queryset.values_list("id", flat=True))

        queryset = ResourceScanSummary.objects.filter(
            tenant_id=tenant_id,
@@ -3453,9 +3038,9 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
        return Response(serializer.data, status=status.HTTP_200_OK)


-@extend_schema(tags=["Overview"])
@extend_schema_view(
-    providers=extend_schema(
+    list=extend_schema(
+        tags=["Overview"],
        summary="Get aggregated provider data",
        description=(
            "Retrieve an aggregated overview of findings and resources grouped by providers. "
@@ -3496,7 +3081,7 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
 )
@method_decorator(CACHE_DECORATOR, name="list")
 class OverviewViewSet(BaseRLSViewSet):
-    queryset = ScanSummary.objects.all()
+    queryset = ComplianceOverview.objects.all()
    http_method_names = ["get"]
    ordering = ["-inserted_at"]
    # RBAC required permissions (implicit -> MANAGE_PROVIDERS enable unlimited visibility or check the visibility of
@@ -3507,10 +3092,19 @@ class OverviewViewSet(BaseRLSViewSet):
        role = get_role(self.request.user)
        providers = get_providers(role)

-        if not role.unlimited_visibility:
-            self.allowed_providers = providers
+        def _get_filtered_queryset(model):
+            if role.unlimited_visibility:
+                return model.all_objects.filter(tenant_id=self.request.tenant_id)
+            return model.all_objects.filter(
+                tenant_id=self.request.tenant_id, scan__provider__in=providers
+            )

-        return ScanSummary.all_objects.filter(tenant_id=self.request.tenant_id)
+        if self.action == "providers":
+            return _get_filtered_queryset(Finding)
+        elif self.action in ("findings", "findings_severity", "services"):
+            return _get_filtered_queryset(ScanSummary)
+        else:
+            return super().get_queryset()

    def get_serializer_class(self):
        if self.action == "providers":
@@ -3543,24 +3137,18 @@ class OverviewViewSet(BaseRLSViewSet):
    @action(detail=False, methods=["get"], url_name="providers")
    def providers(self, request):
        tenant_id = self.request.tenant_id
-        queryset = self.get_queryset()
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
        )

        findings_aggregated = (
-            queryset.filter(scan_id__in=latest_scan_ids)
+            ScanSummary.all_objects.filter(
+                tenant_id=tenant_id, scan_id__in=latest_scan_ids
+            )
            .values(
                "scan__provider_id",
                provider=F("scan__provider__provider"),
@@ -3596,7 +3184,7 @@ class OverviewViewSet(BaseRLSViewSet):
            )

        return Response(
-            self.get_serializer(overview, many=True).data,
+            OverviewProviderSerializer(overview, many=True).data,
            status=status.HTTP_200_OK,
        )

@@ -3605,16 +3193,9 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = self.request.tenant_id
        queryset = self.get_queryset()
        filtered_queryset = self.filter_queryset(queryset)
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
@@ -3651,16 +3232,9 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = self.request.tenant_id
        queryset = self.get_queryset()
        filtered_queryset = self.filter_queryset(queryset)
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
@@ -3680,7 +3254,7 @@ class OverviewViewSet(BaseRLSViewSet):
        for item in severity_counts:
            severity_data[item["severity"]] = item["count"]

-        serializer = self.get_serializer(severity_data)
+        serializer = OverviewSeveritySerializer(severity_data)
        return Response(serializer.data, status=status.HTTP_200_OK)

    @action(detail=False, methods=["get"], url_name="services")
@@ -3688,16 +3262,9 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = self.request.tenant_id
        queryset = self.get_queryset()
        filtered_queryset = self.filter_queryset(queryset)
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
@@ -3715,12 +3282,11 @@ class OverviewViewSet(BaseRLSViewSet):
            .order_by("service")
        )

-        serializer = self.get_serializer(services_data, many=True)
+        serializer = OverviewServiceSerializer(services_data, many=True)

        return Response(serializer.data, status=status.HTTP_200_OK)


-@extend_schema(tags=["Schedule"])
@extend_schema_view(
    daily=extend_schema(
        summary="Create a daily schedule scan for a given provider",
@@ -3839,32 +3405,6 @@ class IntegrationViewSet(BaseRLSViewSet):
        context["allowed_providers"] = self.allowed_providers
        return context

-    @extend_schema(
-        tags=["Integration"],
-        summary="Check integration connection",
-        description="Try to verify integration connection",
-        request=None,
-        responses={202: OpenApiResponse(response=TaskSerializer)},
-    )
-    @action(detail=True, methods=["post"], url_name="connection")
-    def connection(self, request, pk=None):
-        get_object_or_404(Integration, pk=pk)
-        with transaction.atomic():
-            task = check_integration_connection_task.delay(
-                integration_id=pk, tenant_id=self.request.tenant_id
-            )
-        prowler_task = Task.objects.get(id=task.id)
-        serializer = TaskSerializer(prowler_task)
-        return Response(
-            data=serializer.data,
-            status=status.HTTP_202_ACCEPTED,
-            headers={
-                "Content-Location": reverse(
-                    "task-detail", kwargs={"pk": prowler_task.id}
-                )
-            },
-        )
-

@extend_schema_view(
    list=extend_schema(
@@ -3941,54 +3481,3 @@ class LighthouseConfigViewSet(BaseRLSViewSet):
                )
            },
        )
-
-
-@extend_schema_view(
-    list=extend_schema(
-        tags=["Processor"],
-        summary="List all processors",
-        description="Retrieve a list of all configured processors with options for filtering by various criteria.",
-    ),
-    retrieve=extend_schema(
-        tags=["Processor"],
-        summary="Retrieve processor details",
-        description="Fetch detailed information about a specific processor by its ID.",
-    ),
-    create=extend_schema(
-        tags=["Processor"],
-        summary="Create a new processor",
-        description="Register a new processor with the system, providing necessary configuration details. There can "
-        "only be one processor of each type per tenant.",
-    ),
-    partial_update=extend_schema(
-        tags=["Processor"],
-        summary="Partially update a processor",
-        description="Modify certain fields of an existing processor without affecting other settings.",
-    ),
-    destroy=extend_schema(
-        tags=["Processor"],
-        summary="Delete a processor",
-        description="Remove a processor from the system by its ID.",
-    ),
-)
-@method_decorator(CACHE_DECORATOR, name="list")
-@method_decorator(CACHE_DECORATOR, name="retrieve")
-class ProcessorViewSet(BaseRLSViewSet):
-    queryset = Processor.objects.all()
-    serializer_class = ProcessorSerializer
-    http_method_names = ["get", "post", "patch", "delete"]
-    filterset_class = ProcessorFilter
-    ordering = ["processor_type", "-inserted_at"]
-    # RBAC required permissions
-    required_permissions = [Permissions.MANAGE_ACCOUNT]
-
-    def get_queryset(self):
-        queryset = Processor.objects.filter(tenant_id=self.request.tenant_id)
-        return queryset
-
-    def get_serializer_class(self):
-        if self.action == "create":
-            return ProcessorCreateSerializer
-        elif self.action == "partial_update":
-            return ProcessorUpdateSerializer
-        return super().get_serializer_class()
@@ -1,5 +1,3 @@
-import string
-
 from django.core.exceptions import ValidationError
 from django.utils.translation import gettext as _

@@ -22,89 +20,3 @@ class MaximumLengthValidator:
        return _(
            f"Your password must contain no more than {self.max_length} characters."
        )
-
-
-class SpecialCharactersValidator:
-    def __init__(self, special_characters=None, min_special_characters=1):
-        # Use string.punctuation if no custom characters provided
-        self.special_characters = special_characters or string.punctuation
-        self.min_special_characters = min_special_characters
-
-    def validate(self, password, user=None):
-        if (
-            sum(1 for char in password if char in self.special_characters)
-            < self.min_special_characters
-        ):
-            raise ValidationError(
-                _("This password must contain at least one special character."),
-                code="password_no_special_characters",
-                params={
-                    "special_characters": self.special_characters,
-                    "min_special_characters": self.min_special_characters,
-                },
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least one special character from: {self.special_characters}"
-        )
-
-
-class UppercaseValidator:
-    def __init__(self, min_uppercase=1):
-        self.min_uppercase = min_uppercase
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.isupper()) < self.min_uppercase:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_uppercase)d uppercase letter."
-                ),
-                code="password_no_uppercase_letters",
-                params={"min_uppercase": self.min_uppercase},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_uppercase} uppercase letter."
-        )
-
-
-class LowercaseValidator:
-    def __init__(self, min_lowercase=1):
-        self.min_lowercase = min_lowercase
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.islower()) < self.min_lowercase:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_lowercase)d lowercase letter."
-                ),
-                code="password_no_lowercase_letters",
-                params={"min_lowercase": self.min_lowercase},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_lowercase} lowercase letter."
-        )
-
-
-class NumericValidator:
-    def __init__(self, min_numeric=1):
-        self.min_numeric = min_numeric
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.isdigit()) < self.min_numeric:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_numeric)d numeric character."
-                ),
-                code="password_no_numeric_characters",
-                params={"min_numeric": self.min_numeric},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_numeric} numeric character."
-        )
@@ -11,7 +11,6 @@ SECRET_KEY = env("SECRET_KEY", default="secret")
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
-USE_X_FORWARDED_HOST = True

 # Application definition

@@ -159,30 +158,6 @@ AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
-    {
-        "NAME": "api.validators.SpecialCharactersValidator",
-        "OPTIONS": {
-            "min_special_characters": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.UppercaseValidator",
-        "OPTIONS": {
-            "min_uppercase": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.LowercaseValidator",
-        "OPTIONS": {
-            "min_lowercase": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.NumericValidator",
-        "OPTIONS": {
-            "min_numeric": 1,
-        },
-    },
 ]

 SIMPLE_JWT = {
@@ -273,7 +248,3 @@ X_FRAME_OPTIONS = "DENY"
 SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"

 DJANGO_DELETION_BATCH_SIZE = env.int("DJANGO_DELETION_BATCH_SIZE", 5000)
-
-# SAML requirement
-CSRF_COOKIE_SECURE = True
-SESSION_COOKIE_SECURE = True
@@ -4,7 +4,6 @@ from config.env import env
 IGNORED_EXCEPTIONS = [
    # Provider is not connected due to credentials errors
    "is not connected",
-    "ProviderConnectionError",
    # Authentication Errors from AWS
    "InvalidToken",
    "AccessDeniedException",
@@ -17,7 +16,7 @@ IGNORED_EXCEPTIONS = [
    "InternalServerErrorException",
    "AccessDenied",
    "No Shodan API Key",  # Shodan Check
-    "RequestLimitExceeded",  # For now, we don't want to log the RequestLimitExceeded errors
+    "RequestLimitExceeded",  # For now we don't want to log the RequestLimitExceeded errors
    "ThrottlingException",
    "Rate exceeded",
    "SubscriptionRequiredException",
@@ -43,9 +42,7 @@ IGNORED_EXCEPTIONS = [
    "AWSAccessKeyIDInvalidError",
    "AWSSessionTokenExpiredError",
    "EndpointConnectionError",  # AWS Service is not available in a region
-    # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an
-    # unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
-    "Pool is closed",
+    "Pool is closed",  # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
    # Authentication Errors from GCP
    "ClientAuthenticationError",
    "AuthorizationFailed",
@@ -69,15 +66,12 @@ IGNORED_EXCEPTIONS = [
    "AzureClientIdAndClientSecretNotBelongingToTenantIdError",
    "AzureHTTPResponseError",
    "Error with credentials provided",
-    # PowerShell Errors in User Authentication
-    "Microsoft Teams User Auth connection failed: Please check your permissions and try again.",
-    "Exchange Online User Auth connection failed: Please check your permissions and try again.",
 ]


 def before_send(event, hint):
    """
-    before_send handles the Sentry events in order to send them or not
+    before_send handles the Sentry events in order to sent them or not
    """
    # Ignore logs with the ignored_exceptions
    # https://docs.python.org/3/library/logging.html#logrecord-objects
@@ -25,18 +25,9 @@ SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
 SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True
 SOCIALACCOUNT_ADAPTER = "api.adapters.ProwlerSocialAccountAdapter"

-
-# def inline(pem: str) -> str:
-#     return "".join(
-#         line.strip()
-#         for line in pem.splitlines()
-#         if "CERTIFICATE" not in line and "KEY" not in line
-#     )
-
-
-# # SAML keys (TODO: Validate certificates)
-# SAML_PUBLIC_CERT = inline(env("SAML_PUBLIC_CERT", default=""))
-# SAML_PRIVATE_KEY = inline(env("SAML_PRIVATE_KEY", default=""))
+# SAML keys
+SAML_PUBLIC_CERT = env("SAML_PUBLIC_CERT", default="")
+SAML_PRIVATE_KEY = env("SAML_PRIVATE_KEY", default="")

 SOCIALACCOUNT_PROVIDERS = {
    "google": {
@@ -69,14 +60,12 @@ SOCIALACCOUNT_PROVIDERS = {
            "entity_id": "urn:prowler.com:sp",
        },
        "advanced": {
-            # TODO: Validate certificates
-            # "x509cert": SAML_PUBLIC_CERT,
-            # "private_key": SAML_PRIVATE_KEY,
-            # "authn_request_signed": True,
-            # "want_message_signed": True,
-            # "want_assertion_signed": True,
-            "reject_idp_initiated_sso": False,
+            "x509cert": SAML_PUBLIC_CERT,
+            "private_key": SAML_PRIVATE_KEY,
            "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+            "authn_request_signed": True,
+            "want_assertion_signed": True,
+            "want_message_signed": True,
        },
    },
 }
@@ -23,13 +23,11 @@ from api.models import (
    Invitation,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
-    ResourceTagMapping,
    Role,
    SAMLConfiguration,
    SAMLDomainIndex,
@@ -46,19 +44,12 @@ from api.v1.serializers import TokenSerializer
 from prowler.lib.check.models import Severity
 from prowler.lib.outputs.finding import Status

-TODAY = str(datetime.today().date())
 API_JSON_CONTENT_TYPE = "application/vnd.api+json"
 NO_TENANT_HTTP_STATUS = status.HTTP_401_UNAUTHORIZED
 TEST_USER = "dev@prowler.com"
 TEST_PASSWORD = "testing_psswd"


-def today_after_n_days(n_days: int) -> str:
-    return datetime.strftime(
-        datetime.today().date() + timedelta(days=n_days), "%Y-%m-%d"
-    )
-
-
@pytest.fixture(scope="module")
 def enforce_test_user_db_connection(django_db_setup, django_db_blocker):
    """Ensure tests use the test user for database connections."""
@@ -390,27 +381,8 @@ def providers_fixture(tenants_fixture):
        tenant_id=tenant.id,
        scanner_args={"key1": "value1", "key2": {"key21": "value21"}},
    )
-    provider6 = Provider.objects.create(
-        provider="m365",
-        uid="m365.test.com",
-        alias="m365_testing",
-        tenant_id=tenant.id,
-    )

-    return provider1, provider2, provider3, provider4, provider5, provider6
-
-
-@pytest.fixture
-def processor_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-    processor = Processor.objects.create(
-        tenant_id=tenant.id,
-        processor_type="mutelist",
-        configuration="Mutelist:\n  Accounts:\n    *:\n      Checks:\n        iam_user_hardware_mfa_enabled:\n         "
-        " Regions:\n            - *\n          Resources:\n            - *",
-    )
-
-    return processor
+    return provider1, provider2, provider3, provider4, provider5


@pytest.fixture
@@ -662,7 +634,6 @@ def findings_fixture(scans_fixture, resources_fixture):
        check_metadata={
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
-            "servicename": "ec2",
        },
        first_seen_at="2024-01-02T00:00:00Z",
    )
@@ -689,7 +660,6 @@ def findings_fixture(scans_fixture, resources_fixture):
        check_metadata={
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
-            "servicename": "s3",
        },
        first_seen_at="2024-01-02T00:00:00Z",
        muted=True,
@@ -1065,7 +1035,7 @@ def integrations_fixture(providers_fixture):
        enabled=True,
        connected=True,
        integration_type="amazon_s3",
-        configuration={"key": "value1"},
+        configuration={"key": "value"},
        credentials={"psswd": "1234"},
    )
    IntegrationProviderRelationship.objects.create(
@@ -1145,73 +1115,10 @@ def latest_scan_finding(authenticated_client, providers_fixture, resources_fixtu
    return finding


-@pytest.fixture(scope="function")
-def latest_scan_resource(authenticated_client, providers_fixture):
-    provider = providers_fixture[0]
-    tenant_id = str(providers_fixture[0].tenant_id)
-    scan = Scan.objects.create(
-        name="latest completed scan for resource",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant_id=tenant_id,
-    )
-    resource = Resource.objects.create(
-        tenant_id=tenant_id,
-        provider=provider,
-        uid="latest_resource_uid",
-        name="Latest Resource",
-        region="us-east-1",
-        service="ec2",
-        type="instance",
-        metadata='{"test": "metadata"}',
-        details='{"test": "details"}',
-    )
-
-    resource_tag = ResourceTag.objects.create(
-        tenant_id=tenant_id,
-        key="environment",
-        value="test",
-    )
-    ResourceTagMapping.objects.create(
-        tenant_id=tenant_id,
-        resource=resource,
-        tag=resource_tag,
-    )
-
-    finding = Finding.objects.create(
-        tenant_id=tenant_id,
-        uid="test_finding_uid_latest",
-        scan=scan,
-        delta="new",
-        status=Status.FAIL,
-        status_extended="test status extended ",
-        impact=Severity.critical,
-        impact_extended="test impact extended",
-        severity=Severity.critical,
-        raw_result={
-            "status": Status.FAIL,
-            "impact": Severity.critical,
-            "severity": Severity.critical,
-        },
-        tags={"test": "latest"},
-        check_id="test_check_id_latest",
-        check_metadata={
-            "CheckId": "test_check_id_latest",
-            "Description": "test description latest",
-        },
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding.add_resources([resource])
-
-    backfill_resource_scan_summaries(tenant_id, str(scan.id))
-    return resource
-
-
@pytest.fixture
 def saml_setup(tenants_fixture):
    tenant_id = tenants_fixture[0].id
-    domain = "prowler.com"
+    domain = "example.com"

    SAMLDomainIndex.objects.create(email_domain=domain, tenant_id=tenant_id)

@@ -2,10 +2,10 @@ import json
 from datetime import datetime, timedelta, timezone

 from django_celery_beat.models import IntervalSchedule, PeriodicTask
+from rest_framework_json_api.serializers import ValidationError
 from tasks.tasks import perform_scheduled_scan_task

 from api.db_utils import rls_transaction
-from api.exceptions import ConflictException
 from api.models import Provider, Scan, StateChoices


@@ -24,9 +24,15 @@ def schedule_provider_scan(provider_instance: Provider):
    if PeriodicTask.objects.filter(
        interval=schedule, name=task_name, task="scan-perform-scheduled"
    ).exists():
-        raise ConflictException(
-            detail="There is already a scheduled scan for this provider.",
-            pointer="/data/attributes/provider_id",
+        raise ValidationError(
+            [
+                {
+                    "detail": "There is already a scheduled scan for this provider.",
+                    "status": 400,
+                    "source": {"pointer": "/data/attributes/provider_id"},
+                    "code": "invalid",
+                }
+            ]
        )

    with rls_transaction(tenant_id):
@@ -3,11 +3,8 @@ from datetime import datetime, timezone
 import openai
 from celery.utils.log import get_task_logger

-from api.models import Integration, LighthouseConfiguration, Provider
-from api.utils import (
-    prowler_integration_connection_test,
-    prowler_provider_connection_test,
-)
+from api.models import LighthouseConfiguration, Provider
+from api.utils import prowler_provider_connection_test

 logger = get_task_logger(__name__)

@@ -86,35 +83,3 @@ def check_lighthouse_connection(lighthouse_config_id: str):
        lighthouse_config.is_active = False
        lighthouse_config.save()
        return {"connected": False, "error": str(e), "available_models": []}
-
-
-def check_integration_connection(integration_id: str):
-    """
-    Business logic to check the connection status of an integration.
-
-    Args:
-        integration_id (str): The primary key of the Integration instance to check.
-    """
-    integration = Integration.objects.filter(pk=integration_id, enabled=True).first()
-
-    if not integration:
-        logger.info(f"Integration {integration_id} is not enabled")
-        return {"connected": False, "error": "Integration is not enabled"}
-
-    try:
-        result = prowler_integration_connection_test(integration)
-    except Exception as e:
-        logger.warning(
-            f"Unexpected exception checking {integration.integration_type} integration connection: {str(e)}"
-        )
-        raise e
-
-    # Update integration connection status
-    integration.connected = result.is_connected
-    integration.connection_last_checked_at = datetime.now(tz=timezone.utc)
-    integration.save()
-
-    return {
-        "connected": result.is_connected,
-        "error": str(result.error) if result.error else None,
-    }
@@ -8,12 +8,11 @@ from botocore.exceptions import ClientError, NoCredentialsError, ParamValidation
 from celery.utils.log import get_task_logger
 from django.conf import settings

-from api.db_utils import rls_transaction
-from api.models import Scan
 from prowler.config.config import (
    csv_file_suffix,
    html_file_suffix,
    json_ocsf_file_suffix,
+    output_file_timestamp,
 )
 from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
    AWSWellArchitected,
@@ -21,7 +20,6 @@ from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected im
 from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
 from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
 from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
-from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
 from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
 from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
 from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
@@ -91,12 +89,9 @@ COMPLIANCE_CLASS_MAP = {
        (lambda name: name.startswith("iso27001_"), KubernetesISO27001),
    ],
    "m365": [
+        (lambda name: name.startswith("iso27001_"), M365ISO27001),
        (lambda name: name.startswith("cis_"), M365CIS),
        (lambda name: name == "prowler_threatscore_m365", ProwlerThreatScoreM365),
-        (lambda name: name.startswith("iso27001_"), M365ISO27001),
-    ],
-    "github": [
-        (lambda name: name.startswith("cis_"), GithubCIS),
    ],
 }

@@ -172,7 +167,7 @@ def get_s3_client():
    return s3_client


-def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
+def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str:
    """
    Upload the specified ZIP file to an S3 bucket.
    If the S3 bucket environment variables are not configured,
@@ -189,7 +184,7 @@ def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
    """
    bucket = base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET
    if not bucket:
-        return
+        return None

    try:
        s3 = get_s3_client()
@@ -249,19 +244,15 @@ def _generate_output_directory(
    # Sanitize the prowler provider name to ensure it is a valid directory name
    prowler_provider_sanitized = re.sub(r"[^\w\-]", "-", prowler_provider)

-    with rls_transaction(tenant_id):
-        started_at = Scan.objects.get(id=scan_id).started_at
-
-    timestamp = started_at.strftime("%Y%m%d%H%M%S")
    path = (
        f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
-        f"{prowler_provider_sanitized}-{timestamp}"
+        f"{prowler_provider_sanitized}-{output_file_timestamp}"
    )
    os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True)

    compliance_path = (
        f"{output_directory}/{tenant_id}/{scan_id}/compliance/prowler-output-"
-        f"{prowler_provider_sanitized}-{timestamp}"
+        f"{prowler_provider_sanitized}-{output_file_timestamp}"
    )
    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)

@@ -1,156 +0,0 @@
-import os
-from glob import glob
-
-from celery.utils.log import get_task_logger
-
-from api.db_utils import rls_transaction
-from api.models import Integration
-from prowler.lib.outputs.asff.asff import ASFF
-from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
-from prowler.lib.outputs.csv.csv import CSV
-from prowler.lib.outputs.html.html import HTML
-from prowler.lib.outputs.ocsf.ocsf import OCSF
-from prowler.providers.aws.lib.s3.s3 import S3
-from prowler.providers.common.models import Connection
-
-logger = get_task_logger(__name__)
-
-
-def get_s3_client_from_integration(
-    integration: Integration,
-) -> tuple[bool, S3 | Connection]:
-    """
-    Create and return a boto3 S3 client using AWS credentials from an integration.
-
-    Args:
-        integration (Integration): The integration to get the S3 client from.
-
-    Returns:
-        tuple[bool, S3 | Connection]: A tuple containing a boolean indicating if the connection was successful and the S3 client or connection object.
-    """
-    s3 = S3(
-        **integration.credentials,
-        bucket_name=integration.configuration["bucket_name"],
-        output_directory=integration.configuration["output_directory"],
-    )
-
-    connection = s3.test_connection(
-        **integration.credentials,
-        bucket_name=integration.configuration["bucket_name"],
-    )
-
-    if connection.is_connected:
-        return True, s3
-
-    return False, connection
-
-
-def upload_s3_integration(
-    tenant_id: str, provider_id: str, output_directory: str
-) -> bool:
-    """
-    Upload the specified output files to an S3 bucket from an integration.
-    Reconstructs output objects from files in the output directory instead of using serialized data.
-
-    Args:
-        tenant_id (str): The tenant identifier, used as part of the S3 key prefix.
-        provider_id (str): The provider identifier, used as part of the S3 key prefix.
-        output_directory (str): Path to the directory containing output files.
-
-    Returns:
-        bool: True if all integrations were executed, False otherwise.
-
-    Raises:
-        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
-    """
-    logger.info(f"Processing S3 integrations for provider {provider_id}")
-
-    try:
-        with rls_transaction(tenant_id):
-            integrations = list(
-                Integration.objects.filter(
-                    integrationproviderrelationship__provider_id=provider_id,
-                    integration_type=Integration.IntegrationChoices.AMAZON_S3,
-                    enabled=True,
-                )
-            )
-
-        if not integrations:
-            logger.error(f"No S3 integrations found for provider {provider_id}")
-            return False
-
-        integration_executions = 0
-        for integration in integrations:
-            try:
-                connected, s3 = get_s3_client_from_integration(integration)
-            except Exception as e:
-                logger.info(
-                    f"S3 connection failed for integration {integration.id}: {e}"
-                )
-                integration.connected = False
-                integration.save()
-                continue
-
-            if connected:
-                try:
-                    # Reconstruct generated_outputs from files in output directory
-                    # This approach scans the output directory for files and creates the appropriate
-                    # output objects based on file extensions and naming patterns.
-                    generated_outputs = {"regular": [], "compliance": []}
-
-                    # Find and recreate regular outputs (CSV, HTML, OCSF)
-                    output_file_patterns = {
-                        ".csv": CSV,
-                        ".html": HTML,
-                        ".ocsf.json": OCSF,
-                        ".asff.json": ASFF,
-                    }
-
-                    base_dir = os.path.dirname(output_directory)
-                    for extension, output_class in output_file_patterns.items():
-                        pattern = f"{output_directory}*{extension}"
-                        for file_path in glob(pattern):
-                            if os.path.exists(file_path):
-                                output = output_class(findings=[], file_path=file_path)
-                                output.create_file_descriptor(file_path)
-                                generated_outputs["regular"].append(output)
-
-                    # Find and recreate compliance outputs
-                    compliance_pattern = os.path.join(base_dir, "compliance", "*.csv")
-                    for file_path in glob(compliance_pattern):
-                        if os.path.exists(file_path):
-                            output = GenericCompliance(
-                                findings=[],
-                                compliance=None,
-                                file_path=file_path,
-                                file_extension=".csv",
-                            )
-                            output.create_file_descriptor(file_path)
-                            generated_outputs["compliance"].append(output)
-
-                    # Use send_to_bucket with recreated generated_outputs objects
-                    s3.send_to_bucket(generated_outputs)
-                except Exception as e:
-                    logger.error(
-                        f"S3 upload failed for integration {integration.id}: {e}"
-                    )
-                    continue
-                integration_executions += 1
-            else:
-                integration.connected = False
-                integration.save()
-                logger.error(
-                    f"S3 upload failed, connection failed for integration {integration.id}: {s3.error}"
-                )
-
-        result = integration_executions == len(integrations)
-        if result:
-            logger.info(
-                f"All the S3 integrations completed successfully for provider {provider_id}"
-            )
-        else:
-            logger.info(f"Some S3 integrations failed for provider {provider_id}")
-        return result
-    except Exception as e:
-        logger.error(f"S3 integrations failed for provider {provider_id}: {str(e)}")
-        return False
@@ -1,29 +1,22 @@
 import json
 import time
-from collections import defaultdict
 from copy import deepcopy
 from datetime import datetime, timezone

 from celery.utils.log import get_task_logger
 from config.settings.celery import CELERY_DEADLOCK_ATTEMPTS
 from django.db import IntegrityError, OperationalError
-from django.db.models import Case, Count, IntegerField, Prefetch, Sum, When
+from django.db.models import Case, Count, IntegerField, Sum, When
 from tasks.utils import CustomEncoder

 from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    generate_scan_compliance,
 )
-from api.db_utils import (
-    create_objects_in_batches,
-    rls_transaction,
-    update_objects_in_batches,
-)
-from api.exceptions import ProviderConnectionError
+from api.db_utils import create_objects_in_batches, rls_transaction
 from api.models import (
    ComplianceRequirementOverview,
    Finding,
-    Processor,
    Provider,
    Resource,
    ResourceScanSummary,
@@ -33,7 +26,7 @@ from api.models import (
    StateChoices,
 )
 from api.models import StatusChoices as FindingStatus
-from api.utils import initialize_prowler_provider, return_prowler_provider
+from api.utils import initialize_prowler_provider
 from api.v1.serializers import ScanTaskSerializer
 from prowler.lib.outputs.finding import Finding as ProwlerFinding
 from prowler.lib.scan.scan import Scan as ProwlerScan
@@ -108,10 +101,7 @@ def _store_resources(


 def perform_prowler_scan(
-    tenant_id: str,
-    scan_id: str,
-    provider_id: str,
-    checks_to_execute: list[str] | None = None,
+    tenant_id: str, scan_id: str, provider_id: str, checks_to_execute: list[str] = None
 ):
    """
    Perform a scan using Prowler and store the findings and resources in the database.
@@ -142,28 +132,14 @@ def perform_prowler_scan(
        scan_instance.started_at = datetime.now(tz=timezone.utc)
        scan_instance.save()

-    # Find the mutelist processor if it exists
-    with rls_transaction(tenant_id):
-        try:
-            mutelist_processor = Processor.objects.get(
-                tenant_id=tenant_id, processor_type=Processor.ProcessorChoices.MUTELIST
-            )
-        except Processor.DoesNotExist:
-            mutelist_processor = None
-        except Exception as e:
-            logger.error(f"Error processing mutelist rules: {e}")
-            mutelist_processor = None
-
    try:
        with rls_transaction(tenant_id):
            try:
-                prowler_provider = initialize_prowler_provider(
-                    provider_instance, mutelist_processor
-                )
+                prowler_provider = initialize_prowler_provider(provider_instance)
                provider_instance.connected = True
            except Exception as e:
                provider_instance.connected = False
-                exc = ProviderConnectionError(
+                exc = ValueError(
                    f"Provider {provider_instance.provider} is not connected: {e}"
                )
            finally:
@@ -173,8 +149,7 @@ def perform_prowler_scan(
                provider_instance.save()

        # If the provider is not connected, raise an exception outside the transaction.
-        # If raised within the transaction, the transaction will be rolled back and the provider will not be marked
-        # as not connected.
+        # If raised within the transaction, the transaction will be rolled back and the provider will not be marked as not connected.
        if exc:
            raise exc

@@ -183,7 +158,6 @@ def perform_prowler_scan(
        resource_cache = {}
        tag_cache = {}
        last_status_cache = {}
-        resource_failed_findings_cache = defaultdict(int)

        for progress, findings in prowler_scan.scan():
            for finding in findings:
@@ -209,9 +183,6 @@ def perform_prowler_scan(
                                    },
                                )
                                resource_cache[resource_uid] = resource_instance
-
-                                # Initialize all processed resources in the cache
-                                resource_failed_findings_cache[resource_uid] = 0
                            else:
                                resource_instance = resource_cache[resource_uid]

@@ -302,9 +273,6 @@ def perform_prowler_scan(
                    if not last_first_seen_at:
                        last_first_seen_at = datetime.now(tz=timezone.utc)

-                    # If the finding is muted at this time the reason must be the configured Mutelist
-                    muted_reason = "Muted by mutelist" if finding.muted else None
-
                    # Create the finding
                    finding_instance = Finding.objects.create(
                        tenant_id=tenant_id,
@@ -320,16 +288,10 @@ def perform_prowler_scan(
                        scan=scan_instance,
                        first_seen_at=last_first_seen_at,
                        muted=finding.muted,
-                        muted_reason=muted_reason,
                        compliance=finding.compliance,
                    )
                    finding_instance.add_resources([resource_instance])

-                    # Increment failed_findings_count cache if the finding status is FAIL and not muted
-                    if status == FindingStatus.FAIL and not finding.muted:
-                        resource_uid = finding.resource_uid
-                        resource_failed_findings_cache[resource_uid] += 1
-
                # Update scan resource summaries
                scan_resource_cache.add(
                    (
@@ -347,24 +309,6 @@ def perform_prowler_scan(

        scan_instance.state = StateChoices.COMPLETED

-        # Update failed_findings_count for all resources in batches if scan completed successfully
-        if resource_failed_findings_cache:
-            resources_to_update = []
-            for resource_uid, failed_count in resource_failed_findings_cache.items():
-                if resource_uid in resource_cache:
-                    resource_instance = resource_cache[resource_uid]
-                    resource_instance.failed_findings_count = failed_count
-                    resources_to_update.append(resource_instance)
-
-            if resources_to_update:
-                update_objects_in_batches(
-                    tenant_id=tenant_id,
-                    model=Resource,
-                    objects=resources_to_update,
-                    fields=["failed_findings_count"],
-                    batch_size=1000,
-                )
-
    except Exception as e:
        logger.error(f"Error performing scan {scan_id}: {e}")
        exception = e
@@ -417,9 +361,6 @@ def aggregate_findings(tenant_id: str, scan_id: str):
    changed, unchanged). The results are grouped by `check_id`, `service`, `severity`, and `region`.
    These aggregated metrics are then stored in the `ScanSummary` table.

-    Additionally, it updates the failed_findings_count field for each resource based on the most
-    recent findings for each finding.uid.
-
    Args:
        tenant_id (str): The ID of the tenant to which the scan belongs.
        scan_id (str): The ID of the scan for which findings need to be aggregated.
@@ -585,30 +526,21 @@ def create_compliance_requirements(tenant_id: str, scan_id: str):
        with rls_transaction(tenant_id):
            scan_instance = Scan.objects.get(pk=scan_id)
            provider_instance = scan_instance.provider
-            prowler_provider = return_prowler_provider(provider_instance)
+            prowler_provider = initialize_prowler_provider(provider_instance)

        # Get check status data by region from findings
-        findings = (
-            Finding.all_objects.filter(scan_id=scan_id, muted=False)
-            .only("id", "check_id", "status")
-            .prefetch_related(
-                Prefetch(
-                    "resources",
-                    queryset=Resource.objects.only("id", "region"),
-                    to_attr="small_resources",
-                )
-            )
-            .iterator(chunk_size=1000)
-        )
-
        check_status_by_region = {}
        with rls_transaction(tenant_id):
+            findings = Finding.objects.filter(scan_id=scan_id, muted=False)
            for finding in findings:
-                for resource in finding.small_resources:
+                # Get region from resources
+                for resource in finding.resources.all():
                    region = resource.region
-                    current_status = check_status_by_region.setdefault(region, {})
-                    if current_status.get(finding.check_id) != "FAIL":
-                        current_status[finding.check_id] = finding.status
+                    region_dict = check_status_by_region.setdefault(region, {})
+                    current_status = region_dict.get(finding.check_id)
+                    if current_status == "FAIL":
+                        continue
+                    region_dict[finding.check_id] = finding.status

        try:
            # Try to get regions from provider
@@ -2,17 +2,13 @@ from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from shutil import rmtree

-from celery import chain, group, shared_task
+from celery import chain, shared_task
 from celery.utils.log import get_task_logger
 from config.celery import RLSTask
 from config.django.base import DJANGO_FINDINGS_BATCH_SIZE, DJANGO_TMP_OUTPUT_DIRECTORY
 from django_celery_beat.models import PeriodicTask
 from tasks.jobs.backfill import backfill_resource_scan_summaries
-from tasks.jobs.connection import (
-    check_integration_connection,
-    check_lighthouse_connection,
-    check_provider_connection,
-)
+from tasks.jobs.connection import check_lighthouse_connection, check_provider_connection
 from tasks.jobs.deletion import delete_provider, delete_tenant
 from tasks.jobs.export import (
    COMPLIANCE_CLASS_MAP,
@@ -21,7 +17,6 @@ from tasks.jobs.export import (
    _generate_output_directory,
    _upload_to_s3,
 )
-from tasks.jobs.integrations import upload_s3_integration
 from tasks.jobs.scan import (
    aggregate_findings,
    create_compliance_requirements,
@@ -32,7 +27,7 @@ from tasks.utils import batched, get_next_execution_datetime
 from api.compliance import get_compliance_frameworks
 from api.db_utils import rls_transaction
 from api.decorators import set_tenant
-from api.models import Finding, Integration, Provider, Scan, ScanSummary, StateChoices
+from api.models import Finding, Provider, Scan, ScanSummary, StateChoices
 from api.utils import initialize_prowler_provider
 from api.v1.serializers import ScanTaskSerializer
 from prowler.lib.check.compliance_models import Compliance
@@ -42,30 +37,6 @@ from prowler.lib.outputs.finding import Finding as FindingOutput
 logger = get_task_logger(__name__)


-def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str):
-    """
-    Helper function to perform tasks after a scan is completed.
-
-    Args:
-        tenant_id (str): The tenant ID under which the scan was performed.
-        scan_id (str): The ID of the scan that was performed.
-        provider_id (str): The primary key of the Provider instance that was scanned.
-    """
-    create_compliance_requirements_task.apply_async(
-        kwargs={"tenant_id": tenant_id, "scan_id": scan_id}
-    )
-    chain(
-        perform_scan_summary_task.si(tenant_id=tenant_id, scan_id=scan_id),
-        generate_outputs_task.si(
-            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
-        ),
-        check_integrations_task.si(
-            tenant_id=tenant_id,
-            provider_id=provider_id,
-        ),
-    ).apply_async()
-
-
@shared_task(base=RLSTask, name="provider-connection-check")
@set_tenant
 def check_provider_connection_task(provider_id: str):
@@ -83,18 +54,6 @@ def check_provider_connection_task(provider_id: str):
    return check_provider_connection(provider_id=provider_id)


-@shared_task(base=RLSTask, name="integration-connection-check")
-@set_tenant
-def check_integration_connection_task(integration_id: str):
-    """
-    Task to check the connection status of an integration.
-
-    Args:
-        integration_id (str): The primary key of the Integration instance to check.
-    """
-    return check_integration_connection(integration_id=integration_id)
-
-
@shared_task(
    base=RLSTask, name="provider-deletion", queue="deletion", autoretry_for=(Exception,)
 )
@@ -144,7 +103,13 @@ def perform_scan_task(
        checks_to_execute=checks_to_execute,
    )

-    _perform_scan_complete_tasks(tenant_id, scan_id, provider_id)
+    chain(
+        perform_scan_summary_task.si(tenant_id, scan_id),
+        create_compliance_requirements_task.si(tenant_id=tenant_id, scan_id=scan_id),
+        generate_outputs.si(
+            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
+        ),
+    ).apply_async()

    return result

@@ -249,12 +214,20 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
                scheduler_task_id=periodic_task_instance.id,
            )

-    _perform_scan_complete_tasks(tenant_id, str(scan_instance.id), provider_id)
+    chain(
+        perform_scan_summary_task.si(tenant_id, scan_instance.id),
+        create_compliance_requirements_task.si(
+            tenant_id=tenant_id, scan_id=str(scan_instance.id)
+        ),
+        generate_outputs.si(
+            scan_id=str(scan_instance.id), provider_id=provider_id, tenant_id=tenant_id
+        ),
+    ).apply_async()

    return result


-@shared_task(name="scan-summary", queue="overview")
+@shared_task(name="scan-summary")
 def perform_scan_summary_task(tenant_id: str, scan_id: str):
    return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)

@@ -270,7 +243,7 @@ def delete_tenant_task(tenant_id: str):
    queue="scan-reports",
 )
@set_tenant(keep_tenant=True)
-def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
+def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
    """
    Process findings in batches and generate output files in multiple formats.

@@ -382,34 +355,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
    compressed = _compress_output_files(out_dir)
    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)

-    # S3 integrations (need output_directory)
-    with rls_transaction(tenant_id):
-        s3_integrations = Integration.objects.filter(
-            integrationproviderrelationship__provider_id=provider_id,
-            integration_type=Integration.IntegrationChoices.AMAZON_S3,
-            enabled=True,
-        )
-
-    if s3_integrations:
-        # Pass the output directory path to S3 integration task to reconstruct objects from files
-        s3_integration_task.apply_async(
-            kwargs={
-                "tenant_id": tenant_id,
-                "provider_id": provider_id,
-                "output_directory": out_dir,
-            }
-        ).get(
-            disable_sync_subtasks=False
-        )  # TODO: This synchronous execution is NOT recommended
-        # We're forced to do this because we need the files to exist before deletion occurs.
-        # Once we have the periodic file cleanup task implemented, we should:
-        # 1. Remove this .get() call and make it fully async
-        # 2. For Cloud deployments, develop a secondary approach where outputs are stored
-        #    directly in S3 and read from there, eliminating local file dependencies
-
    if upload_uri:
-        # TODO: We need to create a new periodic task to delete the output files
-        # This task shouldn't be responsible for deleting the output files
        try:
            rmtree(Path(compressed).parent, ignore_errors=True)
        except Exception as e:
@@ -420,10 +366,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):

    Scan.all_objects.filter(id=scan_id).update(output_location=final_location)
    logger.info(f"Scan outputs at {final_location}")
-
-    return {
-        "upload": did_upload,
-    }
+    return {"upload": did_upload}


@shared_task(name="backfill-scan-resource-summaries", queue="backfill")
@@ -438,7 +381,7 @@ def backfill_scan_resource_summaries_task(tenant_id: str, scan_id: str):
    return backfill_resource_scan_summaries(tenant_id=tenant_id, scan_id=scan_id)


-@shared_task(base=RLSTask, name="scan-compliance-overviews", queue="overview")
+@shared_task(base=RLSTask, name="scan-compliance-overviews")
 def create_compliance_requirements_task(tenant_id: str, scan_id: str):
    """
    Creates detailed compliance requirement records for a scan.
@@ -471,73 +414,3 @@ def check_lighthouse_connection_task(lighthouse_config_id: str, tenant_id: str =
            - 'available_models' (list): List of available models if connection is successful.
    """
    return check_lighthouse_connection(lighthouse_config_id=lighthouse_config_id)
-
-
-@shared_task(name="integration-check")
-def check_integrations_task(tenant_id: str, provider_id: str):
-    """
-    Check and execute all configured integrations for a provider.
-
-    Args:
-        tenant_id (str): The tenant identifier
-        provider_id (str): The provider identifier
-    """
-    logger.info(f"Checking integrations for provider {provider_id}")
-
-    try:
-        with rls_transaction(tenant_id):
-            integrations = Integration.objects.filter(
-                integrationproviderrelationship__provider_id=provider_id,
-                enabled=True,
-            )
-
-            if not integrations.exists():
-                logger.info(f"No integrations configured for provider {provider_id}")
-                return {"integrations_processed": 0}
-
-        integration_tasks = []
-
-        # TODO: Add other integration types here
-        # slack_integrations = integrations.filter(
-        #     integration_type=Integration.IntegrationChoices.SLACK
-        # )
-        # if slack_integrations.exists():
-        #     integration_tasks.append(
-        #        slack_integration_task.s(
-        #            tenant_id=tenant_id,
-        #            provider_id=provider_id,
-        #        )
-        #     )
-
-    except Exception as e:
-        logger.error(f"Integration check failed for provider {provider_id}: {str(e)}")
-        return {"integrations_processed": 0, "error": str(e)}
-
-    # Execute all integration tasks in parallel if any were found
-    if integration_tasks:
-        job = group(integration_tasks)
-        job.apply_async()
-        logger.info(f"Launched {len(integration_tasks)} integration task(s)")
-
-    return {"integrations_processed": len(integration_tasks)}
-
-
-@shared_task(
-    base=RLSTask,
-    name="integration-s3",
-    queue="integrations",
-)
-def s3_integration_task(
-    tenant_id: str,
-    provider_id: str,
-    output_directory: str,
-):
-    """
-    Process S3 integrations for a provider.
-
-    Args:
-        tenant_id (str): The tenant identifier
-        provider_id (str): The provider identifier
-        output_directory (str): Path to the directory containing output files
-    """
-    return upload_s3_integration(tenant_id, provider_id, output_directory)
@@ -3,9 +3,9 @@ from unittest.mock import patch

 import pytest
 from django_celery_beat.models import IntervalSchedule, PeriodicTask
+from rest_framework_json_api.serializers import ValidationError
 from tasks.beat import schedule_provider_scan

-from api.exceptions import ConflictException
 from api.models import Scan


@@ -48,29 +48,10 @@ class TestScheduleProviderScan:
        with patch("tasks.tasks.perform_scheduled_scan_task.apply_async"):
            schedule_provider_scan(provider_instance)

-        # Now, try scheduling again, should raise ConflictException
-        with pytest.raises(ConflictException) as exc_info:
+        # Now, try scheduling again, should raise ValidationError
+        with pytest.raises(ValidationError) as exc_info:
            schedule_provider_scan(provider_instance)

        assert "There is already a scheduled scan for this provider." in str(
            exc_info.value
        )
-
-    def test_remove_periodic_task(self, providers_fixture):
-        provider_instance = providers_fixture[0]
-
-        assert Scan.objects.count() == 0
-        with patch("tasks.tasks.perform_scheduled_scan_task.apply_async"):
-            schedule_provider_scan(provider_instance)
-
-        assert Scan.objects.count() == 1
-        scan = Scan.objects.first()
-        periodic_task = scan.scheduler_task
-        assert periodic_task is not None
-
-        periodic_task.delete()
-
-        scan.refresh_from_db()
-        # Assert the scan still exists but its scheduler_task is set to None
-        # Otherwise, Scan.DoesNotExist would be raised
-        assert Scan.objects.get(id=scan.id).scheduler_task is None
@@ -1,15 +1,10 @@
-import uuid
 from datetime import datetime, timezone
 from unittest.mock import MagicMock, patch

 import pytest
-from tasks.jobs.connection import (
-    check_integration_connection,
-    check_lighthouse_connection,
-    check_provider_connection,
-)
+from tasks.jobs.connection import check_lighthouse_connection, check_provider_connection

-from api.models import Integration, LighthouseConfiguration, Provider
+from api.models import LighthouseConfiguration, Provider


@pytest.mark.parametrize(
@@ -132,128 +127,3 @@ def test_check_lighthouse_connection_missing_api_key(mock_lighthouse_get):
    assert result["available_models"] == []
    assert mock_lighthouse_instance.is_active is False
    mock_lighthouse_instance.save.assert_called_once()
-
-
-@pytest.mark.django_db
-class TestCheckIntegrationConnection:
-    def setup_method(self):
-        self.integration_id = str(uuid.uuid4())
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    @patch("tasks.jobs.connection.prowler_integration_connection_test")
-    def test_check_integration_connection_success(
-        self, mock_prowler_test, mock_integration_filter
-    ):
-        """Test successful integration connection check with enabled=True filter."""
-        mock_integration = MagicMock()
-        mock_integration.id = self.integration_id
-        mock_integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = mock_integration
-        mock_integration_filter.return_value = mock_queryset
-
-        mock_connection_result = MagicMock()
-        mock_connection_result.is_connected = True
-        mock_connection_result.error = None
-        mock_prowler_test.return_value = mock_connection_result
-
-        result = check_integration_connection(integration_id=self.integration_id)
-
-        # Verify that Integration.objects.filter was called with enabled=True filter
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-        mock_prowler_test.assert_called_once_with(mock_integration)
-
-        # Verify the integration properties were updated
-        assert mock_integration.connected is True
-        assert mock_integration.connection_last_checked_at is not None
-        mock_integration.save.assert_called_once()
-
-        # Verify the return value
-        assert result["connected"] is True
-        assert result["error"] is None
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    @patch("tasks.jobs.connection.prowler_integration_connection_test")
-    def test_check_integration_connection_failure(
-        self, mock_prowler_test, mock_integration_filter
-    ):
-        """Test failed integration connection check."""
-        mock_integration = MagicMock()
-        mock_integration.id = self.integration_id
-
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = mock_integration
-        mock_integration_filter.return_value = mock_queryset
-
-        test_error = Exception("Connection failed")
-        mock_connection_result = MagicMock()
-        mock_connection_result.is_connected = False
-        mock_connection_result.error = test_error
-        mock_prowler_test.return_value = mock_connection_result
-
-        result = check_integration_connection(integration_id=self.integration_id)
-
-        # Verify that Integration.objects.filter was called with enabled=True filter
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-
-        # Verify the integration properties were updated
-        assert mock_integration.connected is False
-        assert mock_integration.connection_last_checked_at is not None
-        mock_integration.save.assert_called_once()
-
-        # Verify the return value
-        assert result["connected"] is False
-        assert result["error"] == str(test_error)
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    def test_check_integration_connection_not_enabled(self, mock_integration_filter):
-        """Test that disabled integrations return proper error response."""
-        # Mock that no enabled integration is found
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = None
-        mock_integration_filter.return_value = mock_queryset
-
-        result = check_integration_connection(integration_id=self.integration_id)
-
-        # Verify the filter was called with enabled=True
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-
-        # Verify the return value matches the expected error response
-        assert result["connected"] is False
-        assert result["error"] == "Integration is not enabled"
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    @patch("tasks.jobs.connection.prowler_integration_connection_test")
-    def test_check_integration_connection_exception(
-        self, mock_prowler_test, mock_integration_filter
-    ):
-        """Test integration connection check when prowler test raises exception."""
-        mock_integration = MagicMock()
-        mock_integration.id = self.integration_id
-
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = mock_integration
-        mock_integration_filter.return_value = mock_queryset
-
-        test_exception = Exception("Unexpected error during connection test")
-        mock_prowler_test.side_effect = test_exception
-
-        with pytest.raises(Exception, match="Unexpected error during connection test"):
-            check_integration_connection(integration_id=self.integration_id)
-
-        # Verify that Integration.objects.filter was called with enabled=True filter
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-        mock_prowler_test.assert_called_once_with(mock_integration)
@@ -1,7 +1,5 @@
 import os
-import uuid
 import zipfile
-from datetime import datetime
 from pathlib import Path
 from unittest.mock import MagicMock, patch

@@ -129,26 +127,14 @@ class TestOutputs:
        _upload_to_s3("tenant", str(zip_path), "scan")
        mock_logger.assert_called()

-    @patch("tasks.jobs.export.rls_transaction")
-    @patch("tasks.jobs.export.Scan")
-    def test_generate_output_directory_creates_paths(
-        self, mock_scan, mock_rls_transaction, tmpdir
-    ):
-        # Mock the scan object with a started_at timestamp
-        mock_scan_instance = MagicMock()
-        mock_scan_instance.started_at = datetime(2023, 6, 15, 10, 30, 45)
-        mock_scan.objects.get.return_value = mock_scan_instance
-
-        # Mock rls_transaction as a context manager
-        mock_rls_transaction.return_value.__enter__ = MagicMock()
-        mock_rls_transaction.return_value.__exit__ = MagicMock(return_value=False)
+    def test_generate_output_directory_creates_paths(self, tmpdir):
+        from prowler.config.config import output_file_timestamp

        base_tmp = Path(str(tmpdir.mkdir("generate_output")))
        base_dir = str(base_tmp)
-        tenant_id = str(uuid.uuid4())
-        scan_id = str(uuid.uuid4())
+        tenant_id = "t1"
+        scan_id = "s1"
        provider = "aws"
-        expected_timestamp = "20230615103045"

        path, compliance = _generate_output_directory(
            base_dir, provider, tenant_id, scan_id
@@ -157,29 +143,17 @@ class TestOutputs:
        assert os.path.isdir(os.path.dirname(path))
        assert os.path.isdir(os.path.dirname(compliance))

-        assert path.endswith(f"{provider}-{expected_timestamp}")
-        assert compliance.endswith(f"{provider}-{expected_timestamp}")
+        assert path.endswith(f"{provider}-{output_file_timestamp}")
+        assert compliance.endswith(f"{provider}-{output_file_timestamp}")

-    @patch("tasks.jobs.export.rls_transaction")
-    @patch("tasks.jobs.export.Scan")
-    def test_generate_output_directory_invalid_character(
-        self, mock_scan, mock_rls_transaction, tmpdir
-    ):
-        # Mock the scan object with a started_at timestamp
-        mock_scan_instance = MagicMock()
-        mock_scan_instance.started_at = datetime(2023, 6, 15, 10, 30, 45)
-        mock_scan.objects.get.return_value = mock_scan_instance
-
-        # Mock rls_transaction as a context manager
-        mock_rls_transaction.return_value.__enter__ = MagicMock()
-        mock_rls_transaction.return_value.__exit__ = MagicMock(return_value=False)
+    def test_generate_output_directory_invalid_character(self, tmpdir):
+        from prowler.config.config import output_file_timestamp

        base_tmp = Path(str(tmpdir.mkdir("generate_output")))
        base_dir = str(base_tmp)
-        tenant_id = str(uuid.uuid4())
-        scan_id = str(uuid.uuid4())
+        tenant_id = "t1"
+        scan_id = "s1"
        provider = "aws/test@check"
-        expected_timestamp = "20230615103045"

        path, compliance = _generate_output_directory(
            base_dir, provider, tenant_id, scan_id
@@ -188,5 +162,5 @@ class TestOutputs:
        assert os.path.isdir(os.path.dirname(path))
        assert os.path.isdir(os.path.dirname(compliance))

-        assert path.endswith(f"aws-test-check-{expected_timestamp}")
-        assert compliance.endswith(f"aws-test-check-{expected_timestamp}")
+        assert path.endswith(f"aws-test-check-{output_file_timestamp}")
+        assert compliance.endswith(f"aws-test-check-{output_file_timestamp}")
@@ -1,475 +0,0 @@
-from unittest.mock import MagicMock, patch
-
-import pytest
-from tasks.jobs.integrations import (
-    get_s3_client_from_integration,
-    upload_s3_integration,
-)
-
-from api.models import Integration
-from api.utils import prowler_integration_connection_test
-from prowler.providers.common.models import Connection
-
-
-@pytest.mark.django_db
-class TestS3IntegrationUploads:
-    @patch("tasks.jobs.integrations.S3")
-    def test_get_s3_client_from_integration_success(self, mock_s3_class):
-        mock_integration = MagicMock()
-        mock_integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        mock_integration.configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "test-prefix",
-        }
-
-        mock_s3 = MagicMock()
-        mock_connection = MagicMock()
-        mock_connection.is_connected = True
-        mock_s3.test_connection.return_value = mock_connection
-        mock_s3_class.return_value = mock_s3
-
-        connected, s3 = get_s3_client_from_integration(mock_integration)
-
-        assert connected is True
-        assert s3 == mock_s3
-        mock_s3_class.assert_called_once_with(
-            **mock_integration.credentials,
-            bucket_name="test-bucket",
-            output_directory="test-prefix",
-        )
-        mock_s3.test_connection.assert_called_once_with(
-            **mock_integration.credentials,
-            bucket_name="test-bucket",
-        )
-
-    @patch("tasks.jobs.integrations.S3")
-    def test_get_s3_client_from_integration_failure(self, mock_s3_class):
-        mock_integration = MagicMock()
-        mock_integration.credentials = {}
-        mock_integration.configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "test-prefix",
-        }
-
-        from prowler.providers.common.models import Connection
-
-        mock_connection = Connection()
-        mock_connection.is_connected = False
-        mock_connection.error = Exception("test error")
-
-        mock_s3 = MagicMock()
-        mock_s3.test_connection.return_value = mock_connection
-        mock_s3_class.return_value = mock_s3
-
-        connected, connection = get_s3_client_from_integration(mock_integration)
-
-        assert connected is False
-        assert isinstance(connection, Connection)
-        assert str(connection.error) == "test error"
-
-    @patch("tasks.jobs.integrations.GenericCompliance")
-    @patch("tasks.jobs.integrations.ASFF")
-    @patch("tasks.jobs.integrations.OCSF")
-    @patch("tasks.jobs.integrations.HTML")
-    @patch("tasks.jobs.integrations.CSV")
-    @patch("tasks.jobs.integrations.glob")
-    @patch("tasks.jobs.integrations.get_s3_client_from_integration")
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    def test_upload_s3_integration_uploads_serialized_outputs(
-        self,
-        mock_integration_model,
-        mock_rls,
-        mock_get_s3,
-        mock_glob,
-        mock_csv,
-        mock_html,
-        mock_ocsf,
-        mock_asff,
-        mock_compliance,
-    ):
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-
-        integration = MagicMock()
-        integration.id = "i-1"
-        integration.configuration = {
-            "bucket_name": "bucket",
-            "output_directory": "prefix",
-        }
-        mock_integration_model.objects.filter.return_value = [integration]
-
-        mock_s3 = MagicMock()
-        mock_get_s3.return_value = (True, mock_s3)
-
-        # Mock the output classes to return mock instances
-        mock_csv_instance = MagicMock()
-        mock_html_instance = MagicMock()
-        mock_ocsf_instance = MagicMock()
-        mock_asff_instance = MagicMock()
-        mock_compliance_instance = MagicMock()
-
-        mock_csv.return_value = mock_csv_instance
-        mock_html.return_value = mock_html_instance
-        mock_ocsf.return_value = mock_ocsf_instance
-        mock_asff.return_value = mock_asff_instance
-        mock_compliance.return_value = mock_compliance_instance
-
-        # Mock glob to return test files
-        output_directory = "/tmp/prowler_output/scan123"
-        mock_glob.side_effect = [
-            ["/tmp/prowler_output/scan123.csv"],
-            ["/tmp/prowler_output/scan123.html"],
-            ["/tmp/prowler_output/scan123.ocsf.json"],
-            ["/tmp/prowler_output/scan123.asff.json"],
-            ["/tmp/prowler_output/compliance/compliance.csv"],
-        ]
-
-        with patch("os.path.exists", return_value=True):
-            with patch("os.getenv", return_value="/tmp/prowler_api_output"):
-                result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is True
-        mock_s3.send_to_bucket.assert_called_once()
-
-    @patch("tasks.jobs.integrations.get_s3_client_from_integration")
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    @patch("tasks.jobs.integrations.logger")
-    def test_upload_s3_integration_fails_connection_logs_error(
-        self, mock_logger, mock_integration_model, mock_rls, mock_get_s3
-    ):
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-
-        integration = MagicMock()
-        integration.id = "i-1"
-        integration.connected = True
-        mock_s3_client = MagicMock()
-        mock_s3_client.error = "Connection failed"
-
-        mock_integration_model.objects.filter.return_value = [integration]
-        mock_get_s3.return_value = (False, mock_s3_client)
-
-        output_directory = "/tmp/prowler_output/scan123"
-        result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is False
-        integration.save.assert_called_once()
-        assert integration.connected is False
-        mock_logger.error.assert_any_call(
-            "S3 upload failed, connection failed for integration i-1: Connection failed"
-        )
-
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    @patch("tasks.jobs.integrations.logger")
-    def test_upload_s3_integration_logs_if_no_integrations(
-        self, mock_logger, mock_integration_model, mock_rls
-    ):
-        mock_integration_model.objects.filter.return_value = []
-        output_directory = "/tmp/prowler_output/scan123"
-        result = upload_s3_integration("tenant", "provider", output_directory)
-
-        assert result is False
-        mock_logger.error.assert_called_once_with(
-            "No S3 integrations found for provider provider"
-        )
-
-    @patch(
-        "tasks.jobs.integrations.get_s3_client_from_integration",
-        side_effect=Exception("failed"),
-    )
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    @patch("tasks.jobs.integrations.logger")
-    def test_upload_s3_integration_logs_connection_exception_and_continues(
-        self, mock_logger, mock_integration_model, mock_rls, mock_get_s3
-    ):
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-
-        integration = MagicMock()
-        integration.id = "i-1"
-        integration.configuration = {
-            "bucket_name": "bucket",
-            "output_directory": "prefix",
-        }
-        mock_integration_model.objects.filter.return_value = [integration]
-
-        output_directory = "/tmp/prowler_output/scan123"
-        result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is False
-        mock_logger.info.assert_any_call(
-            "S3 connection failed for integration i-1: failed"
-        )
-
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration.objects.filter")
-    def test_upload_s3_integration_filters_enabled_only(
-        self, mock_integration_filter, mock_rls
-    ):
-        """Test that upload_s3_integration only processes enabled integrations."""
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-        output_directory = "/tmp/prowler_output/scan123"
-
-        # Mock that no enabled integrations are found
-        mock_integration_filter.return_value = []
-        mock_rls.return_value.__enter__.return_value = None
-
-        result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is False
-        # Verify the filter includes the correct parameters including enabled=True
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=provider_id,
-            integration_type=Integration.IntegrationChoices.AMAZON_S3,
-            enabled=True,
-        )
-
-    def test_s3_integration_validates_and_normalizes_output_directory(self):
-        """Test that S3 integration validation normalizes output_directory paths."""
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "///////test",  # This should be normalized
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        # Should not raise an exception and should normalize the path
-        BaseWriteIntegrationSerializer.validate_integration_data(
-            integration_type, providers, configuration, credentials
-        )
-
-        # Verify that the path was normalized
-        assert configuration["output_directory"] == "test"
-
-    def test_s3_integration_rejects_invalid_output_directory_characters(self):
-        """Test that S3 integration validation rejects invalid characters."""
-        from rest_framework.exceptions import ValidationError
-
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "test<invalid",  # Contains invalid character
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        with pytest.raises(ValidationError) as exc_info:
-            BaseWriteIntegrationSerializer.validate_integration_data(
-                integration_type, providers, configuration, credentials
-            )
-
-        # Should contain validation error about invalid characters
-        assert "Output directory contains invalid characters" in str(exc_info.value)
-
-    def test_s3_integration_rejects_empty_output_directory(self):
-        """Test that S3 integration validation rejects empty directories."""
-        from rest_framework.exceptions import ValidationError
-
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "/////",  # This becomes empty after normalization
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        with pytest.raises(ValidationError) as exc_info:
-            BaseWriteIntegrationSerializer.validate_integration_data(
-                integration_type, providers, configuration, credentials
-            )
-
-        # Should contain validation error about empty directory
-        assert "Output directory cannot be empty" in str(exc_info.value)
-
-    def test_s3_integration_normalizes_complex_paths(self):
-        """Test that S3 integration validation handles complex path normalization."""
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "//test//folder///subfolder//",
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        BaseWriteIntegrationSerializer.validate_integration_data(
-            integration_type, providers, configuration, credentials
-        )
-
-        # Verify complex path normalization
-        assert configuration["output_directory"] == "test/folder/subfolder"
-
-    @patch("tasks.jobs.integrations.S3")
-    def test_s3_client_uses_output_directory_in_object_paths(self, mock_s3_class):
-        """Test that S3 client uses output_directory correctly when generating object paths."""
-        mock_integration = MagicMock()
-        mock_integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        mock_integration.configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "my-custom-prefix/scan-results",
-        }
-
-        mock_s3_instance = MagicMock()
-        mock_connection = MagicMock()
-        mock_connection.is_connected = True
-        mock_s3_instance.test_connection.return_value = mock_connection
-        mock_s3_class.return_value = mock_s3_instance
-
-        connected, s3 = get_s3_client_from_integration(mock_integration)
-
-        assert connected is True
-        # Verify S3 was initialized with the correct output_directory
-        mock_s3_class.assert_called_once_with(
-            **mock_integration.credentials,
-            bucket_name="test-bucket",
-            output_directory="my-custom-prefix/scan-results",
-        )
-
-
-@pytest.mark.django_db
-class TestProwlerIntegrationConnectionTest:
-    @patch("api.utils.S3")
-    def test_s3_integration_connection_success(self, mock_s3_class):
-        """Test successful S3 integration connection."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-        integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        integration.configuration = {"bucket_name": "test-bucket"}
-
-        mock_connection = Connection(is_connected=True)
-        mock_s3_class.test_connection.return_value = mock_connection
-
-        result = prowler_integration_connection_test(integration)
-
-        assert result.is_connected is True
-        mock_s3_class.test_connection.assert_called_once_with(
-            **integration.credentials,
-            bucket_name="test-bucket",
-            raise_on_exception=False,
-        )
-
-    @patch("api.utils.S3")
-    def test_aws_provider_exception_handling(self, mock_s3_class):
-        """Test S3 connection exception is properly caught and returned."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-        integration.credentials = {
-            "aws_access_key_id": "invalid",
-            "aws_secret_access_key": "credentials",
-        }
-        integration.configuration = {"bucket_name": "test-bucket"}
-
-        test_exception = Exception("Invalid credentials")
-        mock_connection = Connection(is_connected=False, error=test_exception)
-        mock_s3_class.test_connection.return_value = mock_connection
-
-        result = prowler_integration_connection_test(integration)
-
-        assert result.is_connected is False
-        assert result.error == test_exception
-        mock_s3_class.test_connection.assert_called_once_with(
-            aws_access_key_id="invalid",
-            aws_secret_access_key="credentials",
-            bucket_name="test-bucket",
-            raise_on_exception=False,
-        )
-
-    @patch("api.utils.AwsProvider")
-    @patch("api.utils.S3")
-    def test_s3_integration_connection_failure(self, mock_s3_class, mock_aws_provider):
-        """Test S3 integration connection failure."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-        integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        integration.configuration = {"bucket_name": "test-bucket"}
-
-        mock_session = MagicMock()
-        mock_aws_provider.return_value.session.current_session = mock_session
-
-        mock_connection = Connection(
-            is_connected=False, error=Exception("Bucket not found")
-        )
-        mock_s3_class.test_connection.return_value = mock_connection
-
-        result = prowler_integration_connection_test(integration)
-
-        assert result.is_connected is False
-        assert str(result.error) == "Bucket not found"
-
-    @patch("api.utils.AwsProvider")
-    @patch("api.utils.S3")
-    def test_aws_security_hub_integration_connection(
-        self, mock_s3_class, mock_aws_provider
-    ):
-        """Test AWS Security Hub integration only validates AWS session."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AWS_SECURITY_HUB
-        integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        integration.configuration = {"region": "us-east-1"}
-
-        mock_session = MagicMock()
-        mock_aws_provider.return_value.session.current_session = mock_session
-
-        # For AWS Security Hub, the function should return early after AWS session validation
-        result = prowler_integration_connection_test(integration)
-
-        # The function should not reach S3 test_connection for AWS_SECURITY_HUB
-        mock_s3_class.test_connection.assert_not_called()
-        # Since no exception was raised during AWS session creation, return None (success)
-        assert result is None
-
-    def test_unsupported_integration_type(self):
-        """Test unsupported integration type raises ValueError."""
-        integration = MagicMock()
-        integration.integration_type = "UNSUPPORTED_TYPE"
-        integration.credentials = {}
-        integration.configuration = {}
-
-        with pytest.raises(
-            ValueError, match="Integration type UNSUPPORTED_TYPE not supported"
-        ):
-            prowler_integration_connection_test(integration)
@@ -1,18 +1,11 @@
 import uuid
+from pathlib import Path
 from unittest.mock import MagicMock, patch

 import pytest
-from tasks.tasks import (
-    _perform_scan_complete_tasks,
-    check_integrations_task,
-    generate_outputs_task,
-    s3_integration_task,
-)
-
-from api.models import Integration
+from tasks.tasks import generate_outputs


-# TODO Move this to outputs/reports jobs
@pytest.mark.django_db
 class TestGenerateOutputs:
    def setup_method(self):
@@ -24,7 +17,7 @@ class TestGenerateOutputs:
        with patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter:
            mock_filter.return_value.exists.return_value = False

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -33,6 +26,7 @@ class TestGenerateOutputs:
            assert result == {"upload": False}
            mock_filter.assert_called_once_with(scan_id=self.scan_id)

+    @patch("tasks.tasks.rmtree")
    @patch("tasks.tasks._upload_to_s3")
    @patch("tasks.tasks._compress_output_files")
    @patch("tasks.tasks.get_compliance_frameworks")
@@ -51,6 +45,7 @@ class TestGenerateOutputs:
        mock_get_available_frameworks,
        mock_compress,
        mock_upload,
+        mock_rmtree,
    ):
        mock_scan_summary_filter.return_value.exists.return_value = True

@@ -100,12 +95,11 @@ class TestGenerateOutputs:
                return_value=("out-dir", "comp-dir"),
            ),
            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
-            patch("tasks.tasks.rmtree"),
        ):
            mock_compress.return_value = "/tmp/zipped.zip"
            mock_upload.return_value = "s3://bucket/zipped.zip"

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -115,6 +109,9 @@ class TestGenerateOutputs:
            mock_scan_update.return_value.update.assert_called_once_with(
                output_location="s3://bucket/zipped.zip"
            )
+            mock_rmtree.assert_called_once_with(
+                Path("/tmp/zipped.zip").parent, ignore_errors=True
+            )

    def test_generate_outputs_fails_upload(self):
        with (
@@ -146,7 +143,6 @@ class TestGenerateOutputs:
            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
            patch("tasks.tasks._upload_to_s3", return_value=None),
            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
-            patch("tasks.tasks.rmtree"),
        ):
            mock_filter.return_value.exists.return_value = True
            mock_findings.return_value.order_by.return_value.iterator.return_value = [
@@ -154,9 +150,9 @@ class TestGenerateOutputs:
                True,
            ]

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id="scan",
-                provider_id=self.provider_id,
+                provider_id="provider",
                tenant_id=self.tenant_id,
            )

@@ -188,7 +184,6 @@ class TestGenerateOutputs:
            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/f.zip"),
            patch("tasks.tasks.Scan.all_objects.filter"),
-            patch("tasks.tasks.rmtree"),
        ):
            mock_filter.return_value.exists.return_value = True
            mock_findings.return_value.order_by.return_value.iterator.return_value = [
@@ -213,7 +208,7 @@ class TestGenerateOutputs:
                    {"aws": [(lambda x: True, MagicMock())]},
                ),
            ):
-                generate_outputs_task(
+                generate_outputs(
                    scan_id=self.scan_id,
                    provider_id=self.provider_id,
                    tenant_id=self.tenant_id,
@@ -259,8 +254,8 @@ class TestGenerateOutputs:
            ),
            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
-            patch("tasks.tasks.Scan.all_objects.filter"),
            patch("tasks.tasks.rmtree"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
            patch(
                "tasks.tasks.batched",
                return_value=[
@@ -281,7 +276,7 @@ class TestGenerateOutputs:
                    }
                },
            ):
-                result = generate_outputs_task(
+                result = generate_outputs(
                    scan_id=self.scan_id,
                    provider_id=self.provider_id,
                    tenant_id=self.tenant_id,
@@ -337,13 +332,13 @@ class TestGenerateOutputs:
            ),
            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
+            patch("tasks.tasks.rmtree"),
            patch(
                "tasks.tasks.Scan.all_objects.filter",
                return_value=MagicMock(update=lambda **kw: None),
            ),
            patch("tasks.tasks.batched", return_value=two_batches),
            patch("tasks.tasks.OUTPUT_FORMATS_MAPPING", {}),
-            patch("tasks.tasks.rmtree"),
            patch(
                "tasks.tasks.COMPLIANCE_CLASS_MAP",
                {"aws": [(lambda name: True, TrackingComplianceWriter)]},
@@ -351,7 +346,7 @@ class TestGenerateOutputs:
        ):
            mock_summary.return_value.exists.return_value = True

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -362,7 +357,6 @@ class TestGenerateOutputs:
        assert writer.transform_calls == [([raw2], compliance_obj, "cis")]
        assert result == {"upload": True}

-    # TODO: We need to add a periodic task to delete old output files
    def test_generate_outputs_logs_rmtree_exception(self, caplog):
        mock_finding_output = MagicMock()
        mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
@@ -413,188 +407,9 @@ class TestGenerateOutputs:
                ),
            ):
                with caplog.at_level("ERROR"):
-                    generate_outputs_task(
+                    generate_outputs(
                        scan_id=self.scan_id,
                        provider_id=self.provider_id,
                        tenant_id=self.tenant_id,
                    )
                    assert "Error deleting output files" in caplog.text
-
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_generate_outputs_filters_enabled_s3_integrations(
-        self, mock_integration_filter, mock_rls
-    ):
-        """Test that generate_outputs_task only processes enabled S3 integrations."""
-        with (
-            patch("tasks.tasks.ScanSummary.objects.filter") as mock_summary,
-            patch("tasks.tasks.Provider.objects.get"),
-            patch("tasks.tasks.initialize_prowler_provider"),
-            patch("tasks.tasks.Compliance.get_bulk"),
-            patch("tasks.tasks.get_compliance_frameworks", return_value=[]),
-            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
-            patch(
-                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
-            ),
-            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
-            patch("tasks.tasks.FindingOutput.transform_api_finding"),
-            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
-            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/file.zip"),
-            patch("tasks.tasks.Scan.all_objects.filter"),
-            patch("tasks.tasks.rmtree"),
-            patch("tasks.tasks.s3_integration_task.apply_async") as mock_s3_task,
-        ):
-            mock_summary.return_value.exists.return_value = True
-            mock_findings.return_value.order_by.return_value.iterator.return_value = [
-                [MagicMock()],
-                True,
-            ]
-            mock_integration_filter.return_value = [MagicMock()]
-            mock_rls.return_value.__enter__.return_value = None
-
-            with (
-                patch("tasks.tasks.OUTPUT_FORMATS_MAPPING", {}),
-                patch("tasks.tasks.COMPLIANCE_CLASS_MAP", {"aws": []}),
-            ):
-                generate_outputs_task(
-                    scan_id=self.scan_id,
-                    provider_id=self.provider_id,
-                    tenant_id=self.tenant_id,
-                )
-
-            # Verify the S3 integrations filters
-            mock_integration_filter.assert_called_once_with(
-                integrationproviderrelationship__provider_id=self.provider_id,
-                integration_type=Integration.IntegrationChoices.AMAZON_S3,
-                enabled=True,
-            )
-            mock_s3_task.assert_called_once()
-
-
-class TestScanCompleteTasks:
-    @patch("tasks.tasks.create_compliance_requirements_task.apply_async")
-    @patch("tasks.tasks.perform_scan_summary_task.si")
-    @patch("tasks.tasks.generate_outputs_task.si")
-    def test_scan_complete_tasks(
-        self, mock_outputs_task, mock_scan_summary_task, mock_compliance_tasks
-    ):
-        _perform_scan_complete_tasks("tenant-id", "scan-id", "provider-id")
-        mock_compliance_tasks.assert_called_once_with(
-            kwargs={"tenant_id": "tenant-id", "scan_id": "scan-id"},
-        )
-        mock_scan_summary_task.assert_called_once_with(
-            scan_id="scan-id",
-            tenant_id="tenant-id",
-        )
-        mock_outputs_task.assert_called_once_with(
-            scan_id="scan-id",
-            provider_id="provider-id",
-            tenant_id="tenant-id",
-        )
-
-
-@pytest.mark.django_db
-class TestCheckIntegrationsTask:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-        self.output_directory = "/tmp/some-output-dir"
-
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_check_integrations_no_integrations(
-        self, mock_integration_filter, mock_rls
-    ):
-        mock_integration_filter.return_value.exists.return_value = False
-        # Ensure rls_transaction is mocked
-        mock_rls.return_value.__enter__.return_value = None
-
-        result = check_integrations_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"integrations_processed": 0}
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=self.provider_id,
-            enabled=True,
-        )
-
-    @patch("tasks.tasks.group")
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_check_integrations_s3_success(
-        self, mock_integration_filter, mock_rls, mock_group
-    ):
-        # Mock that we have some integrations
-        mock_integration_filter.return_value.exists.return_value = True
-        # Ensure rls_transaction is mocked
-        mock_rls.return_value.__enter__.return_value = None
-
-        # Since the current implementation doesn't actually create tasks yet (TODO comment),
-        # we test that no tasks are created but the function returns the correct count
-        result = check_integrations_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"integrations_processed": 0}
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=self.provider_id,
-            enabled=True,
-        )
-        # group should not be called since no integration tasks are created yet
-        mock_group.assert_not_called()
-
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_check_integrations_disabled_integrations_ignored(
-        self, mock_integration_filter, mock_rls
-    ):
-        """Test that disabled integrations are not processed."""
-        mock_integration_filter.return_value.exists.return_value = False
-        mock_rls.return_value.__enter__.return_value = None
-
-        result = check_integrations_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"integrations_processed": 0}
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=self.provider_id,
-            enabled=True,
-        )
-
-    @patch("tasks.tasks.upload_s3_integration")
-    def test_s3_integration_task_success(self, mock_upload):
-        mock_upload.return_value = True
-        output_directory = "/tmp/prowler_api_output/test"
-
-        result = s3_integration_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-            output_directory=output_directory,
-        )
-
-        assert result is True
-        mock_upload.assert_called_once_with(
-            self.tenant_id, self.provider_id, output_directory
-        )
-
-    @patch("tasks.tasks.upload_s3_integration")
-    def test_s3_integration_task_failure(self, mock_upload):
-        mock_upload.return_value = False
-        output_directory = "/tmp/prowler_api_output/test"
-
-        result = s3_integration_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-            output_directory=output_directory,
-        )
-
-        assert result is False
-        mock_upload.assert_called_once_with(
-            self.tenant_id, self.provider_id, output_directory
-        )
@@ -1,128 +0,0 @@
-import random
-from collections import defaultdict
-
-import requests
-from locust import events, task
-from utils.helpers import APIUserBase, get_api_token, get_auth_headers
-
-GLOBAL = {
-    "token": None,
-    "available_scans_info": {},
-}
-SUPPORTED_COMPLIANCE_IDS = {
-    "aws": ["ens_rd2022", "cis_2.0", "prowler_threatscore", "soc2"],
-    "gcp": ["ens_rd2022", "cis_2.0", "prowler_threatscore", "soc2"],
-    "azure": ["ens_rd2022", "cis_2.0", "prowler_threatscore", "soc2"],
-    "m365": ["cis_4.0", "iso27001_2022", "prowler_threatscore"],
-}
-
-
-def _get_random_scan() -> tuple:
-    provider_type = random.choice(list(GLOBAL["available_scans_info"].keys()))
-    scan_info = random.choice(GLOBAL["available_scans_info"][provider_type])
-    return provider_type, scan_info
-
-
-def _get_random_compliance_id(provider: str) -> str:
-    return f"{random.choice(SUPPORTED_COMPLIANCE_IDS[provider])}_{provider}"
-
-
-def _get_compliance_available_scans_by_provider_type(host: str, token: str) -> dict:
-    excluded_providers = ["kubernetes"]
-
-    response_dict = defaultdict(list)
-    provider_response = requests.get(
-        f"{host}/providers?fields[providers]=id,provider&filter[connected]=true",
-        headers=get_auth_headers(token),
-    )
-    for provider in provider_response.json()["data"]:
-        provider_id = provider["id"]
-        provider_type = provider["attributes"]["provider"]
-        if provider_type in excluded_providers:
-            continue
-
-        scan_response = requests.get(
-            f"{host}/scans?fields[scans]=id&filter[provider]={provider_id}&filter[state]=completed",
-            headers=get_auth_headers(token),
-        )
-        scan_data = scan_response.json()["data"]
-        if not scan_data:
-            continue
-        scan_id = scan_data[0]["id"]
-        response_dict[provider_type].append(scan_id)
-    return response_dict
-
-
-def _get_compliance_regions_from_scan(host: str, token: str, scan_id: str) -> list:
-    response = requests.get(
-        f"{host}/compliance-overviews/metadata?filter[scan_id]={scan_id}",
-        headers=get_auth_headers(token),
-    )
-    assert response.status_code == 200, f"Failed to get scan: {response.text}"
-    return response.json()["data"]["attributes"]["regions"]
-
-
-@events.test_start.add_listener
-def on_test_start(environment, **kwargs):
-    GLOBAL["token"] = get_api_token(environment.host)
-    scans_by_provider = _get_compliance_available_scans_by_provider_type(
-        environment.host, GLOBAL["token"]
-    )
-    scan_info = defaultdict(list)
-    for provider, scans in scans_by_provider.items():
-        for scan in scans:
-            scan_info[provider].append(
-                {
-                    "scan_id": scan,
-                    "regions": _get_compliance_regions_from_scan(
-                        environment.host, GLOBAL["token"], scan
-                    ),
-                }
-            )
-    GLOBAL["available_scans_info"] = scan_info
-
-
-class APIUser(APIUserBase):
-    def on_start(self):
-        self.token = GLOBAL["token"]
-
-    @task(3)
-    def compliance_overviews_default(self):
-        provider_type, scan_info = _get_random_scan()
-        name = f"/compliance-overviews ({provider_type})"
-        endpoint = f"/compliance-overviews?" f"filter[scan_id]={scan_info['scan_id']}"
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(2)
-    def compliance_overviews_region(self):
-        provider_type, scan_info = _get_random_scan()
-        name = f"/compliance-overviews?filter[region] ({provider_type})"
-        endpoint = (
-            f"/compliance-overviews"
-            f"?filter[scan_id]={scan_info['scan_id']}"
-            f"&filter[region]={random.choice(scan_info['regions'])}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(2)
-    def compliance_overviews_requirements(self):
-        provider_type, scan_info = _get_random_scan()
-        compliance_id = _get_random_compliance_id(provider_type)
-        name = f"/compliance-overviews/requirements ({compliance_id})"
-        endpoint = (
-            f"/compliance-overviews/requirements"
-            f"?filter[scan_id]={scan_info['scan_id']}"
-            f"&filter[compliance_id]={compliance_id}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task
-    def compliance_overviews_attributes(self):
-        provider_type, _ = _get_random_scan()
-        compliance_id = _get_random_compliance_id(provider_type)
-        name = f"/compliance-overviews/attributes ({compliance_id})"
-        endpoint = (
-            f"/compliance-overviews/attributes"
-            f"?filter[compliance_id]={compliance_id}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
@@ -1,234 +0,0 @@
-from locust import events, task
-from utils.config import (
-    L_PROVIDER_NAME,
-    M_PROVIDER_NAME,
-    RESOURCES_UI_FIELDS,
-    S_PROVIDER_NAME,
-    TARGET_INSERTED_AT,
-)
-from utils.helpers import (
-    APIUserBase,
-    get_api_token,
-    get_auth_headers,
-    get_dynamic_filters_pairs,
-    get_next_resource_filter,
-    get_scan_id_from_provider_name,
-)
-
-GLOBAL = {
-    "token": None,
-    "scan_ids": {},
-    "resource_filters": None,
-    "large_resource_filters": None,
-}
-
-
-@events.test_start.add_listener
-def on_test_start(environment, **kwargs):
-    GLOBAL["token"] = get_api_token(environment.host)
-
-    GLOBAL["scan_ids"]["small"] = get_scan_id_from_provider_name(
-        environment.host, GLOBAL["token"], S_PROVIDER_NAME
-    )
-    GLOBAL["scan_ids"]["medium"] = get_scan_id_from_provider_name(
-        environment.host, GLOBAL["token"], M_PROVIDER_NAME
-    )
-    GLOBAL["scan_ids"]["large"] = get_scan_id_from_provider_name(
-        environment.host, GLOBAL["token"], L_PROVIDER_NAME
-    )
-
-    GLOBAL["resource_filters"] = get_dynamic_filters_pairs(
-        environment.host, GLOBAL["token"], "resources"
-    )
-    GLOBAL["large_resource_filters"] = get_dynamic_filters_pairs(
-        environment.host, GLOBAL["token"], "resources", GLOBAL["scan_ids"]["large"]
-    )
-
-
-class APIUser(APIUserBase):
-    def on_start(self):
-        self.token = GLOBAL["token"]
-        self.s_scan_id = GLOBAL["scan_ids"]["small"]
-        self.m_scan_id = GLOBAL["scan_ids"]["medium"]
-        self.l_scan_id = GLOBAL["scan_ids"]["large"]
-        self.available_resource_filters = GLOBAL["resource_filters"]
-        self.available_resource_filters_large_scan = GLOBAL["large_resource_filters"]
-
-    @task
-    def resources_default(self):
-        name = "/resources"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page_number}"
-            f"&filter[updated_at]={TARGET_INSERTED_AT}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_default_ui_fields(self):
-        name = "/resources?fields"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page_number}"
-            f"&fields[resources]={','.join(RESOURCES_UI_FIELDS)}"
-            f"&filter[updated_at]={TARGET_INSERTED_AT}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_default_include(self):
-        name = "/resources?include"
-        page = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page}"
-            f"&filter[updated_at]={TARGET_INSERTED_AT}"
-            f"&include=provider"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_metadata(self):
-        name = "/resources/metadata"
-        endpoint = f"/resources/metadata?filter[updated_at]={TARGET_INSERTED_AT}"
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task
-    def resources_scan_small(self):
-        name = "/resources?filter[scan_id] - 50k"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page_number}" f"&filter[scan]={self.s_scan_id}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task
-    def resources_metadata_scan_small(self):
-        name = "/resources/metadata?filter[scan_id] - 50k"
-        endpoint = f"/resources/metadata?&filter[scan]={self.s_scan_id}"
-        self.client.get(
-            endpoint,
-            headers=get_auth_headers(self.token),
-            name=name,
-        )
-
-    @task(2)
-    def resources_scan_medium(self):
-        name = "/resources?filter[scan_id] - 250k"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page_number}" f"&filter[scan]={self.m_scan_id}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task
-    def resources_metadata_scan_medium(self):
-        name = "/resources/metadata?filter[scan_id] - 250k"
-        endpoint = f"/resources/metadata?&filter[scan]={self.m_scan_id}"
-        self.client.get(
-            endpoint,
-            headers=get_auth_headers(self.token),
-            name=name,
-        )
-
-    @task
-    def resources_scan_large(self):
-        name = "/resources?filter[scan_id] - 500k"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page_number}" f"&filter[scan]={self.l_scan_id}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task
-    def resources_scan_large_include(self):
-        name = "/resources?filter[scan_id]&include - 500k"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources?page[number]={page_number}"
-            f"&filter[scan]={self.l_scan_id}"
-            f"&include=provider"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task
-    def resources_metadata_scan_large(self):
-        endpoint = f"/resources/metadata?&filter[scan]={self.l_scan_id}"
-        self.client.get(
-            endpoint,
-            headers=get_auth_headers(self.token),
-            name="/resources/metadata?filter[scan_id] - 500k",
-        )
-
-    @task(2)
-    def resources_filters(self):
-        name = "/resources?filter[resource_filter]&include"
-        filter_name, filter_value = get_next_resource_filter(
-            self.available_resource_filters
-        )
-
-        endpoint = (
-            f"/resources?filter[{filter_name}]={filter_value}"
-            f"&filter[updated_at]={TARGET_INSERTED_AT}"
-            f"&include=provider"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_metadata_filters(self):
-        name = "/resources/metadata?filter[resource_filter]"
-        filter_name, filter_value = get_next_resource_filter(
-            self.available_resource_filters
-        )
-
-        endpoint = (
-            f"/resources/metadata?filter[{filter_name}]={filter_value}"
-            f"&filter[updated_at]={TARGET_INSERTED_AT}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_metadata_filters_scan_large(self):
-        name = "/resources/metadata?filter[resource_filter]&filter[scan_id] - 500k"
-        filter_name, filter_value = get_next_resource_filter(
-            self.available_resource_filters
-        )
-
-        endpoint = (
-            f"/resources/metadata?filter[{filter_name}]={filter_value}"
-            f"&filter[scan]={self.l_scan_id}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(2)
-    def resourcess_filter_large_scan_include(self):
-        name = "/resources?filter[resource_filter][scan]&include - 500k"
-        filter_name, filter_value = get_next_resource_filter(
-            self.available_resource_filters
-        )
-
-        endpoint = (
-            f"/resources?filter[{filter_name}]={filter_value}"
-            f"&filter[scan]={self.l_scan_id}"
-            f"&include=provider"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_latest_default_ui_fields(self):
-        name = "/resources/latest?fields"
-        page_number = self._next_page(name)
-        endpoint = (
-            f"/resources/latest?page[number]={page_number}"
-            f"&fields[resources]={','.join(RESOURCES_UI_FIELDS)}"
-        )
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
-
-    @task(3)
-    def resources_latest_metadata_filters(self):
-        name = "/resources/metadata/latest?filter[resource_filter]"
-        filter_name, filter_value = get_next_resource_filter(
-            self.available_resource_filters
-        )
-
-        endpoint = f"/resources/metadata/latest?filter[{filter_name}]={filter_value}"
-        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
@@ -13,23 +13,6 @@ FINDINGS_RESOURCE_METADATA = {
    "resource_types": "resource_type",
    "services": "service",
 }
-RESOURCE_METADATA = {
-    "regions": "region",
-    "types": "type",
-    "services": "service",
-}
-
-RESOURCES_UI_FIELDS = [
-    "name",
-    "failed_findings_count",
-    "region",
-    "service",
-    "type",
-    "provider",
-    "inserted_at",
-    "updated_at",
-    "uid",
-]

 S_PROVIDER_NAME = "provider-50k"
 M_PROVIDER_NAME = "provider-250k"
@@ -7,7 +7,6 @@ from locust import HttpUser, between
 from utils.config import (
    BASE_HEADERS,
    FINDINGS_RESOURCE_METADATA,
-    RESOURCE_METADATA,
    TARGET_INSERTED_AT,
    USER_EMAIL,
    USER_PASSWORD,
@@ -122,16 +121,13 @@ def get_scan_id_from_provider_name(host: str, token: str, provider_name: str) ->
    return response.json()["data"][0]["id"]


-def get_dynamic_filters_pairs(
-    host: str, token: str, endpoint: str, scan_id: str = ""
-) -> dict:
+def get_resource_filters_pairs(host: str, token: str, scan_id: str = "") -> dict:
    """
-    Retrieves and maps metadata filter values from a given endpoint.
+    Retrieves and maps resource metadata filter values from the findings endpoint.

    Args:
        host (str): The host URL of the API.
        token (str): Bearer token for authentication.
-        endpoint (str): The API endpoint to query for metadata.
        scan_id (str, optional): Optional scan ID to filter metadata. Defaults to using inserted_at timestamp.

    Returns:
@@ -140,28 +136,22 @@ def get_dynamic_filters_pairs(
    Raises:
        AssertionError: If the request fails or does not return a 200 status code.
    """
-    metadata_mapping = (
-        FINDINGS_RESOURCE_METADATA if endpoint == "findings" else RESOURCE_METADATA
-    )
-    date_filter = "inserted_at" if endpoint == "findings" else "updated_at"
    metadata_filters = (
        f"filter[scan]={scan_id}"
        if scan_id
-        else f"filter[{date_filter}]={TARGET_INSERTED_AT}"
+        else f"filter[inserted_at]={TARGET_INSERTED_AT}"
    )
    response = requests.get(
-        f"{host}/{endpoint}/metadata?{metadata_filters}",
-        headers=get_auth_headers(token),
+        f"{host}/findings/metadata?{metadata_filters}", headers=get_auth_headers(token)
    )
    assert (
        response.status_code == 200
    ), f"Failed to get resource filters values: {response.text}"
    attributes = response.json()["data"]["attributes"]
-
    return {
-        metadata_mapping[key]: values
+        FINDINGS_RESOURCE_METADATA[key]: values
        for key, values in attributes.items()
-        if key in metadata_mapping.keys()
+        if key in FINDINGS_RESOURCE_METADATA.keys()
    }


@@ -23,7 +23,6 @@ import argparse
 import json
 import os
 import re
-import shlex
 import signal
 import socket
 import subprocess
@@ -146,11 +145,11 @@ def _get_script_arguments():

 def _run_prowler(prowler_args):
    _debug("Running prowler with args: {0}".format(prowler_args), 1)
-    _prowler_command = shlex.split(
-        "{prowler}/prowler {args}".format(prowler=PATH_TO_PROWLER, args=prowler_args)
+    _prowler_command = "{prowler}/prowler {args}".format(
+        prowler=PATH_TO_PROWLER, args=prowler_args
    )
-    _debug("Running command: {0}".format(" ".join(_prowler_command)), 2)
-    _process = subprocess.Popen(_prowler_command, stdout=subprocess.PIPE)
+    _debug("Running command: {0}".format(_prowler_command), 2)
+    _process = subprocess.Popen(_prowler_command, stdout=subprocess.PIPE, shell=True)
    _output, _error = _process.communicate()
    _debug("Raw prowler output: {0}".format(_output), 3)
    _debug("Raw prowler error: {0}".format(_error), 3)
@@ -1,25 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
@@ -4,10 +4,7 @@ from dash import html


 def create_provider_card(
-    provider: str,
-    provider_logo: str,
-    account_type: str,
-    filtered_data,
+    provider: str, provider_logo: str, account_type: str, filtered_data
 ) -> List[html.Div]:
    """
    Card to display the provider's name and icon.
@@ -245,31 +245,6 @@ def create_service_dropdown(services: list) -> html.Div:
    )


-def create_provider_dropdown(providers: list) -> html.Div:
-    """
-    Dropdown to select the provider.
-    Args:
-        providers (list): List of providers.
-    Returns:
-        html.Div: Dropdown to select the provider.
-    """
-    return html.Div(
-        [
-            html.Label(
-                "Provider:", className="text-prowler-stone-900 font-bold text-sm"
-            ),
-            dcc.Dropdown(
-                id="provider-filter",
-                options=[{"label": i, "value": i} for i in providers],
-                value=["All"],
-                clearable=False,
-                multi=True,
-                style={"color": "#000000"},
-            ),
-        ],
-    )
-
-
 def create_status_dropdown(status: list) -> html.Div:
    """
    Dropdown to select the status.
@@ -9,11 +9,9 @@ def create_layout_overview(
    download_button_xlsx: html.Button,
    severity_dropdown: html.Div,
    service_dropdown: html.Div,
-    provider_dropdown: html.Div,
    table_row_dropdown: html.Div,
    status_dropdown: html.Div,
    table_div_header: html.Div,
-    amount_providers: int,
 ) -> html.Div:
    """
    Create the layout of the dashboard.
@@ -49,10 +47,9 @@ def create_layout_overview(
                [
                    html.Div([severity_dropdown], className=""),
                    html.Div([service_dropdown], className=""),
-                    html.Div([provider_dropdown], className=""),
                    html.Div([status_dropdown], className=""),
                ],
-                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-4",
+                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-3",
            ),
            html.Div(
                [
@@ -62,7 +59,7 @@ def create_layout_overview(
                    html.Div(className="flex", id="k8s_card", n_clicks=0),
                    html.Div(className="flex", id="m365_card", n_clicks=0),
                ],
-                className=f"grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-{amount_providers}",
+                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-5",
            ),
            html.H4(
                "Count of Findings by severity",
@@ -346,27 +346,34 @@ def display_data(
        if item == "nan" or item.__class__.__name__ != "str":
            region_filter_options.remove(item)

-    # Convert ASSESSMENTDATE to datetime
    data["ASSESSMENTDATE"] = pd.to_datetime(data["ASSESSMENTDATE"], errors="coerce")
-    data["ASSESSMENTDAY"] = data["ASSESSMENTDATE"].dt.date
+    data["ASSESSMENTDATE"] = data["ASSESSMENTDATE"].dt.strftime("%Y-%m-%d %H:%M:%S")

-    # Find the latest timestamp per account per day
-    latest_per_account_day = data.groupby(["ACCOUNTID", "ASSESSMENTDAY"])[
-        "ASSESSMENTDATE"
-    ].transform("max")
+    # Choosing the date that is the most recent
+    data_values = data["ASSESSMENTDATE"].unique()
+    data_values.sort()
+    data_values = data_values[::-1]
+    aux = []

-    # Keep only rows with the latest timestamp for each account and day
-    data = data[data["ASSESSMENTDATE"] == latest_per_account_day]
+    data_values = [str(i) for i in data_values]
+    for value in data_values:
+        if value.split(" ")[0] not in [aux[i].split(" ")[0] for i in range(len(aux))]:
+            aux.append(value)
+    data_values = [str(i) for i in aux]

-    # Prepare the date filter options (unique days, as strings)
-    options_date = sorted(data["ASSESSMENTDAY"].astype(str).unique(), reverse=True)
+    data = data[data["ASSESSMENTDATE"].isin(data_values)]
+    data["ASSESSMENTDATE"] = data["ASSESSMENTDATE"].apply(lambda x: x.split(" ")[0])

-    # Filter by selected date (as string)
+    options_date = data["ASSESSMENTDATE"].unique()
+    options_date.sort()
+    options_date = options_date[::-1]
+
+    # Filter DATE
    if date_filter_analytics in options_date:
-        data = data[data["ASSESSMENTDAY"].astype(str) == date_filter_analytics]
+        data = data[data["ASSESSMENTDATE"] == date_filter_analytics]
    else:
        date_filter_analytics = options_date[0]
-        data = data[data["ASSESSMENTDAY"].astype(str) == date_filter_analytics]
+        data = data[data["ASSESSMENTDATE"] == date_filter_analytics]

    if data.empty:
        fig = px.pie()
@@ -1,4 +1,5 @@
 # Standard library imports
+import csv
 import glob
 import json
 import os
@@ -19,6 +20,7 @@ from dash.dependencies import Input, Output
 # Config import
 from dashboard.config import (
    critical_color,
+    encoding_format,
    fail_color,
    folder_path_overview,
    high_color,
@@ -36,7 +38,6 @@ from dashboard.lib.cards import create_provider_card
 from dashboard.lib.dropdowns import (
    create_account_dropdown,
    create_date_dropdown,
-    create_provider_dropdown,
    create_region_dropdown,
    create_service_dropdown,
    create_severity_dropdown,
@@ -44,7 +45,6 @@ from dashboard.lib.dropdowns import (
    create_table_row_dropdown,
 )
 from dashboard.lib.layouts import create_layout_overview
-from prowler.lib.logger import logger

 # Suppress warnings
 warnings.filterwarnings("ignore")
@@ -54,13 +54,11 @@ warnings.filterwarnings("ignore")
 csv_files = []

 for file in glob.glob(os.path.join(folder_path_overview, "*.csv")):
-    try:
-        df = pd.read_csv(file, sep=";")
-        num_rows = len(df)
+    with open(file, "r", newline="", encoding=encoding_format) as csvfile:
+        reader = csv.reader(csvfile)
+        num_rows = sum(1 for row in reader)
        if num_rows > 1:
            csv_files.append(file)
-    except Exception:
-        logger.error(f"Error reading file {file}")


 # Import logos providers
@@ -192,13 +190,7 @@ else:
        data.rename(columns={"RESOURCE_ID": "RESOURCE_UID"}, inplace=True)

    # Remove dupplicates on the finding_uid colummn but keep the last one taking into account the timestamp
-    data["DATE"] = data["TIMESTAMP"].dt.date
-    data = (
-        data.sort_values("TIMESTAMP")
-        .groupby(["DATE", "FINDING_UID"], as_index=False)
-        .last()
-    )
-    data["TIMESTAMP"] = pd.to_datetime(data["TIMESTAMP"])
+    data = data.sort_values("TIMESTAMP").drop_duplicates("FINDING_UID", keep="last")

    data["ASSESSMENT_TIME"] = data["TIMESTAMP"].dt.strftime("%Y-%m-%d")
    data_valid = pd.DataFrame()
@@ -306,13 +298,6 @@ else:

    service_dropdown = create_service_dropdown(services)

-    # Provider Dropdown
-    providers = ["All"] + list(data["PROVIDER"].unique())
-    providers = [
-        x for x in providers if str(x) != "nan" and x.__class__.__name__ == "str"
-    ]
-    provider_dropdown = create_provider_dropdown(providers)
-
    # Create the download button
    download_button_csv = html.Button(
        "Download this table as CSV",
@@ -494,11 +479,9 @@ else:
        download_button_xlsx,
        severity_dropdown,
        service_dropdown,
-        provider_dropdown,
        table_row_dropdown,
        status_dropdown,
        table_div_header,
-        len(data["PROVIDER"].unique()),
    )


@@ -525,8 +508,6 @@ else:
        Output("severity-filter", "value"),
        Output("severity-filter", "options"),
        Output("service-filter", "value"),
-        Output("provider-filter", "value"),
-        Output("provider-filter", "options"),
        Output("service-filter", "options"),
        Output("table-rows", "value"),
        Output("table-rows", "options"),
@@ -545,7 +526,6 @@ else:
    Input("download_link_xlsx", "n_clicks"),
    Input("severity-filter", "value"),
    Input("service-filter", "value"),
-    Input("provider-filter", "value"),
    Input("table-rows", "value"),
    Input("status-filter", "value"),
    Input("search-input", "value"),
@@ -569,7 +549,6 @@ def filter_data(
    n_clicks_xlsx,
    severity_values,
    service_values,
-    provider_values,
    table_row_values,
    status_values,
    search_value,
@@ -895,25 +874,6 @@ def filter_data(
        filtered_data["SERVICE_NAME"].isin(updated_service_values)
    ]

-    provider_filter_options = ["All"] + list(filtered_data["PROVIDER"].unique())
-
-    # Filter Provider
-    if provider_values == ["All"]:
-        updated_provider_values = filtered_data["PROVIDER"].unique()
-    elif "All" in provider_values and len(provider_values) > 1:
-        # Remove 'All' from the list
-        provider_values.remove("All")
-        updated_provider_values = provider_values
-    elif len(provider_values) == 0:
-        updated_provider_values = filtered_data["PROVIDER"].unique()
-        provider_values = ["All"]
-    else:
-        updated_provider_values = provider_values
-
-    filtered_data = filtered_data[
-        filtered_data["PROVIDER"].isin(updated_provider_values)
-    ]
-
    # Filter Status
    if status_values == ["All"]:
        updated_status_values = filtered_data["STATUS"].unique()
@@ -1134,17 +1094,25 @@ def filter_data(

        table_row_options = []

-        # Calculate table row options as percentages
-        percentages = [0.05, 0.10, 0.25, 0.50, 0.75, 1.0]
-        total_rows = len(filtered_data)
-        for pct in percentages:
-            value = max(1, int(total_rows * pct))
-            label = f"{int(pct * 100)}%"
-            table_row_options.append({"label": label, "value": value})
-
-        # Default to 25% if not set
+        # Take the values from the table_row_values
        if table_row_values is None or table_row_values == -1:
-            table_row_values = table_row_options[0]["value"]
+            if len(filtered_data) < 25:
+                table_row_values = len(filtered_data)
+            else:
+                table_row_values = 25
+
+        if len(filtered_data) < 25:
+            table_row_values = len(filtered_data)
+
+        if len(filtered_data) >= 25:
+            table_row_options.append(25)
+        if len(filtered_data) >= 50:
+            table_row_options.append(50)
+        if len(filtered_data) >= 75:
+            table_row_options.append(75)
+        if len(filtered_data) >= 100:
+            table_row_options.append(100)
+        table_row_options.append(len(filtered_data))

        # For the values that are nan or none, replace them with ""
        filtered_data = filtered_data.replace({np.nan: ""})
@@ -1379,36 +1347,21 @@ def filter_data(
    ]

    # Create Provider Cards
-    if "aws" in list(data["PROVIDER"].unique()):
-        aws_card = create_provider_card(
-            "aws", aws_provider_logo, "Accounts", full_filtered_data
-        )
-    else:
-        aws_card = None
-    if "azure" in list(data["PROVIDER"].unique()):
-        azure_card = create_provider_card(
-            "azure", azure_provider_logo, "Subscriptions", full_filtered_data
-        )
-    else:
-        azure_card = None
-    if "gcp" in list(data["PROVIDER"].unique()):
-        gcp_card = create_provider_card(
-            "gcp", gcp_provider_logo, "Projects", full_filtered_data
-        )
-    else:
-        gcp_card = None
-    if "kubernetes" in list(data["PROVIDER"].unique()):
-        k8s_card = create_provider_card(
-            "kubernetes", ks8_provider_logo, "Clusters", full_filtered_data
-        )
-    else:
-        k8s_card = None
-    if "m365" in list(data["PROVIDER"].unique()):
-        m365_card = create_provider_card(
-            "m365", m365_provider_logo, "Accounts", full_filtered_data
-        )
-    else:
-        m365_card = None
+    aws_card = create_provider_card(
+        "aws", aws_provider_logo, "Accounts", full_filtered_data
+    )
+    azure_card = create_provider_card(
+        "azure", azure_provider_logo, "Subscriptions", full_filtered_data
+    )
+    gcp_card = create_provider_card(
+        "gcp", gcp_provider_logo, "Projects", full_filtered_data
+    )
+    k8s_card = create_provider_card(
+        "kubernetes", ks8_provider_logo, "Clusters", full_filtered_data
+    )
+    m365_card = create_provider_card(
+        "m365", m365_provider_logo, "Accounts", full_filtered_data
+    )

    # Subscribe to Prowler Cloud card
    subscribe_card = [
@@ -1492,8 +1445,6 @@ def filter_data(
            severity_values,
            severity_filter_options,
            service_values,
-            provider_values,
-            provider_filter_options,
            service_filter_options,
            table_row_values,
            table_row_options,
@@ -16,7 +16,7 @@ services:
    volumes:
      - "./api/src/backend:/home/prowler/backend"
      - "./api/pyproject.toml:/home/prowler/pyproject.toml"
-      - "outputs:/tmp/prowler_api_output"
+      - "/tmp/prowler_api_output:/tmp/prowler_api_output"
    depends_on:
      postgres:
        condition: service_healthy
@@ -87,7 +87,7 @@ services:
      - path: .env
        required: false
    volumes:
-      - "outputs:/tmp/prowler_api_output"
+      - "/tmp/prowler_api_output:/tmp/prowler_api_output"
    depends_on:
      valkey:
        condition: service_healthy
@@ -115,7 +115,3 @@ services:
    entrypoint:
      - "../docker-entrypoint.sh"
      - "beat"
-
-volumes:
-  outputs:
-    driver: local
@@ -8,7 +8,7 @@ services:
    ports:
      - "${DJANGO_PORT:-8080}:${DJANGO_PORT:-8080}"
    volumes:
-      - "output:/tmp/prowler_api_output"
+      - "/tmp/prowler_api_output:/tmp/prowler_api_output"
    depends_on:
      postgres:
        condition: service_healthy
@@ -68,7 +68,7 @@ services:
      - path: .env
        required: false
    volumes:
-      - "output:/tmp/prowler_api_output"
+      - "/tmp/prowler_api_output:/tmp/prowler_api_output"
    depends_on:
      valkey:
        condition: service_healthy
@@ -91,7 +91,3 @@ services:
    entrypoint:
      - "../docker-entrypoint.sh"
      - "beat"
-
-volumes:
-  output:
-    driver: local
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Rubén De la Torre Vico	809fd3dcf3	Merge branch 'master' into api-add-missing-map	2025-06-23 10:48:00 +02:00
Rubén De la Torre Vico	a470b7c9d8	docs(changelog): change fix from version	2025-06-20 10:00:39 +02:00
Rubén De la Torre Vico	eba5f8e621	docs(changelog): update PR link for new fix	2025-06-20 09:58:23 +02:00
Adrián Jesús Peña Rodríguez	56443518d6	fix(export): add missing m365 iso27001 mapping	2025-06-18 18:20:25 +02:00